Just a question ...

For beginners, flames not allowed...(just by the staff :P)
Post Reply
User avatar
zephire
Newbie
Newbie
Posts: 1
Joined: 31 May 2006, 16:00
15

Just a question ...

Post by zephire »

Hi all,

I've been browsing the internet and stumbled upon this forum so I thaught I'd give it a go and post my question right here.

Note for Admin: If this question is prohibited or in violation with your board's policies please remove this post asap and I apologize.

Recently there has been some commotion at the place where I work because of e-mails sent to supervisors and management. These e-mails where sent by a Hotmail.com address made up from names of people working at the firm.
Problem is the person sending these e-mails is deliberatly sending false information to the superiors this will probably lead to people getting fired or being reprimanded for the things they didn't actually send. I've been looking into the matter allthough I'm far from a computer specialist I was able to get the IP addresses from who-ever wrote this emails.
As I went looking for the origin of the IP addresses I found that three of the e-mails sent over a period of 5 days all had the same IP address, two others also had a same address. So this left me with two IP addresses and both came up with the same ISP.
Now for the question...
Is there any way you can find out the name of the person using that IP address? As all my IP searches seem to end with only the name of the ISP...
As someone told me that there is a possibility to use the IP found and get a name of his/her computer or even a username of the windowsversion.

If someone could help me out with this matter I would really appreciate this as both the victims to these "fake emails" are good people and I wouldn't like to see them lose their jobs over something like this. Nor would I like the fact that another co-worker would be behind all of this...

Thanks for your attention (and maybe help)

User avatar
bad_brain
Site Owner
Site Owner
Posts: 11609
Joined: 06 Apr 2005, 16:00
16
Location: The zone.
Contact:

Post by bad_brain »

this will not be easy, man. you will need a lawyer and he has to contact the ISP and demand the info in order to start a law suit. that´s the only way (yeeeahhh...some might say "hack the server", but that´s ridiculous).
this will not be cheap and might take a lot of effort and time, so well, it would be only worth it if you really plan to sue the sender of the emails.... :?
and where you got the IP adresses from? email-header? if yes these IPs are most likely the ones of the email daemon from where (hotmail in this case) the mails have been sent and NOT the ones of the persons which originally sent the mails (for example: when I send you an email from my @suck-o.com accounts you´ll get the IP of the server where suck-o.com is on, and not the IP I use to connect to the internet). but this depends on the email headers, some give more info than others, depends on the mail daemons.... :wink:

User avatar
DNR
Digital Mercenary
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
15
Location: Michigan USA
Contact:

email spoof

Post by DNR »

Download the freeware SamSpade at samspade.org, it will help you parse out the IPs and run whois for you at a push of a few keys.

The inherent defect of the internet is lack of repudiation - meaning proof that email only came from the sender. PGP keys, encryption of email, and screening spoofed email addys are ways to stop email spoofing.

Continue trying to track the ip of the machine sending the emails, its your only link to a suspect.

A trap could be set, write a html email doc and implant a webbug to snag the IP of the receiver. A webbug is a tiny .gif that has to be retrieved from a server - that server will snag the IP of the person opening the email.

If you have a suspect and he is using a company computer, install a keylogger.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

Post Reply