Can a spoofing attack be tracked back to the actual creator using raw source and header info?

ceK1ng
Level 1

My e-mail address was used to send 100 confidential, purloined e-mails to myself and two other individuals.

I would like to find out from an expert if there is any way to trace the spoofing back to the individual who originated the attack.

We have the headers and raw sources from all three of the individuals who received the stolen content.

2 Replies

Mathew Huynh
Cisco Employee

Hello,

From the headers you may be able to find out the originating IP address, or the first server that received the email transaction; it may show the originating system that generated the email and sent it to the first mail hop.

However, to determine which person, or further details as to who hacked into your email address: from my knowledge I don't think you will be able to completely find that out with just headers, as it may have been an intrusion done within your local (internal) network as well.

The headers I would suggest looking at are the very first Received header or originating IP header within the email source, reading from the bottom going up.
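The bottom-up walk of the Received headers described in the reply above, as an added example that is not part of the original thread or of any Cisco tool. It uses only the Python standard library; the raw message, the host names and the IP addresses in it are constructed (documentation ranges), not taken from the poster's mail. Each hop records the `from`/`by` pair, the first bracketed IP, and whether the hop used an authenticated submission (`ESMTPA`/`ESMTPSA`), which is the field that shows the client that logged in to the account rather than just a relay.

```python
import email
import re

# Constructed sample raw message. Each server prepends its own Received line,
# so the bottom-most Received is the first hop that handled the message.
RAW_MESSAGE = """Received: from mx-b.example.net (mx-b.example.net [203.0.113.20])
\tby inbound.example.org with ESMTPS id abc123
\tfor <recipient@example.org>; Mon, 02 Mar 2015 10:02:11 +0000
Received: from smtp-out.example.com (smtp-out.example.com [198.51.100.7])
\tby mx-b.example.net with ESMTP id xyz789; Mon, 02 Mar 2015 10:02:09 +0000
Received: from [192.0.2.45] (unknown [192.0.2.45])
\tby smtp-out.example.com (Postfix) with ESMTPSA id 4F2A1; Mon, 02 Mar 2015 10:02:05 +0000
From: someone@example.com
To: recipient@example.org
Subject: constructed sample
Message-ID: <constructed@example.com>

body
"""

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_BY = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.DOTALL)
AUTHENTICATED = re.compile(r"\bwith\s+(?:ESMTPA|ESMTPSA)\b")


def parse_received_chain(raw_message):
    """Return the Received hops oldest-first (bottom of the header block first).

    Each hop is a dict with 'from', 'by', 'ip' and 'authenticated'. The
    default (compat32) parser keeps the folded header text, so folding
    whitespace is collapsed before the clauses are matched.
    """
    msg = email.message_from_string(raw_message)
    hops = []
    # Reverse the header order so index 0 is the earliest hop.
    for value in reversed(msg.get_all("Received", [])):
        unfolded = re.sub(r"\r?\n[ \t]+", " ", value)
        clause = FROM_BY.search(unfolded)
        ip = IPV4_IN_BRACKETS.search(unfolded)
        hops.append({
            "from": clause.group(1) if clause else None,
            "by": clause.group(2) if clause else None,
            "ip": ip.group(1) if ip else None,
            "authenticated": AUTHENTICATED.search(unfolded) is not None,
        })
    return hops


def originating_hop(raw_message):
    """The bottom-most Received line: the first server or client in the chain."""
    hops = parse_received_chain(raw_message)
    return hops[0] if hops else None


def unverified_hops(raw_message, trusted_receivers):
    """Hops recorded before the first server you operate yourself.

    Only the Received lines added by your own servers (their 'by' host is in
    trusted_receivers) and everything above them are reliable; hops below that
    point were written by other parties and can be forged or incomplete.
    """
    hops = parse_received_chain(raw_message)
    for index, hop in enumerate(hops):
        if hop["by"] in trusted_receivers:
            return hops[:index]
    return hops


if __name__ == "__main__":
    for hop in parse_received_chain(RAW_MESSAGE):
        print(hop)
    print("originating:", originating_hop(RAW_MESSAGE))
    print("unverified:", unverified_hops(RAW_MESSAGE, {"inbound.example.org"}))
```

In the constructed sample the bottom hop is an authenticated submission from 192.0.2.45 to smtp-out.example.com, which is the kind of line that tells you where a login to the account came from; the two hops above it are ordinary relays. The `unverified_hops` helper makes the caveat from the reply explicit: with only inbound.example.org under your control, both lower hops are information you cannot independently verify.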

Thanks very much for the concise answer. Since posting, I figured out that what looked like a spoofing attack turned out to be an operator error in the use of iMac PowerBook mail "rules". The automated responses in iMac Mail/yosemite 10.2 do not show up as "sent" emails. For six days I kept staring at the email outbound items at the time of the "attack" and finally realized that I had most likely activated an automated response for emails of a particular sort already on hand in my in-box. That triggered an outbound but unrevealed mail send of some 200 emails to three individuals. I think Apple should have a separate box for automated responses -- a log of outbound automated sends. Because I use a POP protocol there was no record on my mail server for the outbound mails, either. All of which, in this day and age of ubiquitous hacking, led me to believe I'd been "spoofed", when in fact I was chasing my own tail for five days.