Security Basics mailing list archives
RE: Tracking down anonymous user
From: <jbeauford () EightInOnePet com>
Date: Fri, 29 Dec 2006 09:44:13 -0500
Another way to go about this is to find some unique part of the email that may help identify the tool used to craft it. For instance, Ghostmail. If you can identify the program used, in my case (GM.exe by default), you might be able to search some filesystems for the particular program. Also, what about searching for all files accessed on the date the email was sent? The email was probably sent from some admin machine. Just some thoughts. JMB mikef () everfast com wrote:
I thought it was odd that outlook didn't display any header information either. I checked for the headers at the recipient's computer but it's blank. I've been through all the log files that I have and made some adjustments for future requirements. The part that really has me concerned is that the account used is a high level account which should only be used for SQL processes.
Current thread:
- Tracking down anonymous user mikef (Dec 27)
- RE: Tracking down anonymous user Mike Erne (Dec 29)
- Re: Tracking down anonymous user intel96 (Dec 29)
- RE: Tracking down anonymous user Thomas D. (Dec 29)
- RE: Tracking down anonymous user Murda Mcloud (Dec 29)
- RE: Tracking down anonymous user tima soni (Dec 29)
- <Possible follow-ups>
- Re: Tracking down anonymous user mikef (Dec 29)
- Re: Tracking down anonymous user Raoul Armfield (Dec 29)
- RE: Tracking down anonymous user jbeauford (Dec 29)
- Re: Tracking down anonymous user bobby . breeze (Dec 29)
- Re: Tracking down anonymous user svavar (Dec 29)
- RE: Tracking down anonymous user Christopher Carnelian (Dec 29)