Security Incidents mailing list archives

Re: Yahoo mail

From: "Aaron D. Turner" <aturner () ONESECURE COM>
Date: Fri, 10 Nov 2000 11:48:43 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Pretty simple actually.  Just look in the email headers of the email.
You'll find a line like this right above the date/from fields in the
headers:

Received: from [xxx.xxx.xxx.xxx] by web10706.mail.yahoo.com

where xxx.xxx.xxx.xxx is the IP address of the client web browser, NOT the
yahoo.com server.

- --
Aaron D. Turner  Security Architect, OneSecure   http://www.onesecure.com/
aturner () onesecure com  work: 408-992-8045  cell: 408-314-9874
pub  1024D/1B57EB4D 2000-09-27 Aaron D. Turner <aturner () onesecure com>
     Key fingerprint = F90C BFB4 4404 5504 295D  4435 578B 1DD5 1B57 EB4D
All emails by me are PGP signed; a lack of signature indicates a forgery.

On Thu, 9 Nov 2000, Darren Welch wrote:

Hi everyone!

Someone in our company received an email from a person at Yahoo mail. I want to track the source of the email but am 
I correct that the trace will only lead me to the smtp server at Yahoo. Is there a way to find out the IP address of 
the person before it got to the yahoo mail server without a subpeona? Thanks

Darren Welch
Information Security Administrator
Wyeth Ayerst Laboratories
Phone: 610-902-2676
welchd () labs wyeth com


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Public key 0x1B57EB4D at: http://www.keyserver.net/en/
Filter: gpg4pine 4.1 (http://azzie.robotics.net)

iEYEARECAAYFAjoMUR0ACgkQV4sd1RtX6008KACglOeGJbRpZyG+4TX+RQ0wFd0F
8A0AoJUU7la2khy6JdadEhe4SQGZB3oh
=Brlw
-----END PGP SIGNATURE-----

Current thread:

Yahoo mail Darren Welch (Nov 11)
- Re: Yahoo mail Derick Schuetz (Nov 13)
- Re: Yahoo mail Sean Sosik-Hamor (Nov 13)
- Re: Yahoo mail Aaron D. Turner (Nov 13)
- Re: Yahoo mail Matt Wronkowski (Nov 13)
- <Possible follow-ups>
- Re: Yahoo mail J. Oquendo (Nov 13)