Re[2]: Distressing, possibly life threatening emails from free accou nts (yahoo, hotmail

From: Street <streetseeker(at)mail.ru>
Date: Sat May 31 2003 - 13:30:12 EDT

Hello Sonja,

Friday, May 30, 2003, 5:56:43 PM, you wrote:

RS> 1. Save the e-mail in all its entirety.  Make sure ALL headers are saved.
RS> 2. perform header traceback as far as possible ensuring that the e-mail
RS> address is not spoofed.  If it is traceback to proper ISP.
RS> 3.  Once this is performed take it to the users local/county PD and have
RS> them subpoena the ISP for the user records.
RS> 4.  If you provide me with a geographic location of the user I will help you
RS> find a contact there.  

RS> Sonja Robinson, CISA
RS> Network Security Analyst
RS> HIP Health Plans

RS> Office: 212-806-4125
RS> Pager: 8884238615

RS> -----Original Message-----
RS> From: steve baker [mailto:stephenbbaker@hotmail.com] 
RS> Sent: Tuesday, May 27, 2003 12:39 PM
RS> To: 
RS> Subject: Distressing, possibly life threatening emails from free accounts
RS> (yahoo, hotmail


RS> One of our users has received questionable and possibly life threatening

RS> emails from a yahoo account that was created recently. They have approached RS> us to find out as much as we can pertaining to the person sending it.

RS> Of course, we are not YAHOO so we cannot determine anything about the mail RS> other than the content.

RS> How can we find out who sent this?

You see, if the "terrorist" is smart enough, there is no way to detect his identity. If the attacker will use a chain of proxies and will combine the letter via Telnet-session, even the log-files of mail server will not help you in any way.

-- 
Best regards,
 Street                            mailto:streetseeker@mail.ru


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Received on Mon Jun 2 17:25:51 2003