|
|
You're in the
dotnet security
group:accessing emails using owa ... traceable?
dotnet security:
my e-mail via our exchange server using a mac and IE, through microsoft outlook web access. There is a password 'system' in place that uses certain letters of our names - we are given our passwords and few people change them - we are trusting types. But it does mean that many of us know each other's passwords. My question is this... in such an 'open' environment, where so many people 'know' each other's passwords, are we all able to just surf each other's mailboxes without detection? I have read here of the 'event 1016' that shows up on the administration logs when someone other than the 'owner' of the account accesses the account. But does this hold true for web access? Is it the case that my e-mail account, or anyone else's for that matter, is an 'open book' when accessed this way or is there a way to detect who is who, especially when the user name and password are correct? Sometimes I read that 1016 shows up only when an unsuccessful attempt is made to access, other times I read that it is there every time. Can I, via getting with the administrator, prove that someone, who has my password and is accessing via the web, was reading my e-mail? Thanks in advance.
What difference would the logging make? If another user has your password,
they are you. Period. The only way you could differentiate them would be by the IP address of the client. This would generally be logged by IIS for OWA. However, if you don't know the IP address of various clients, it would be difficult to take advantage of this. It would also be very hard to prove anything by this. I wonder, if they are such trusting types, why even ask about such things. If you don't trust other people with your password, don't let them have it. Joe K. -- Joe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- "Bryan Phillips" <bphillips@nospam.crowechizek.com.spammenot> wrote in message news:%23onvBVh%23GHA.4888@TK2MSFTNGP04.phx.gbl... [quoted text, click to view] > The logging occurs regardless of the type of email client: Outlook, OWA, > or Outlook Mobile. Your Exchange administrator can increase the level of > auditing to log more details about the activity in your email account. > > Bryan Phillips > MCSD, MCDBA, MCSE > Blog: http://bphillips76.spaces.live.com > > > > > "help!!" <help!!@discussions.microsoft.com> wrote in message > news:D544588D-B9B9-40CE-85D0-90993196BAB5@microsoft.com: > >> Both at work (Entourage is too slow) and when I'm out of the office, I >> access >> my e-mail via our exchange server using a mac and IE, through microsoft >> outlook web access. There is a password 'system' in place that uses >> certain >> letters of our names - we are given our passwords and few people change >> them >> - we are trusting types. >> But it does mean that many of us know each other's passwords. My question >> is >> this... in such an 'open' environment, where so many people 'know' each >> other's passwords, are we all able to just surf each other's mailboxes >> without detection? I have read here of the 'event 1016' that shows up on >> the >> administration logs when someone other than the 'owner' of the account >> accesses the account. But does this hold true for web access? Is it the >> case >> that my e-mail account, or anyone else's for that matter, is an 'open >> book' >> when accessed this way or is there a way to detect who is who, especially >> when the user name and password are correct? Sometimes I read that 1016 >> shows >> up only when an unsuccessful attempt is made to access, other times I >> read >> that it is there every time. Can I, via getting with the administrator, >> prove >> that someone, who has my password and is accessing via the web, was >> reading >> my e-mail? >> Thanks in advance. >
The logging occurs regardless of the type of email client: Outlook, OWA,
or Outlook Mobile. Your Exchange administrator can increase the level of auditing to log more details about the activity in your email account. Bryan Phillips MCSD, MCDBA, MCSE Blog: http://bphillips76.spaces.live.com [quoted text, click to view] "help!!" <help!!@discussions.microsoft.com> wrote in message
news:D544588D-B9B9-40CE-85D0-90993196BAB5@microsoft.com: > Both at work (Entourage is too slow) and when I'm out of the office, I access > my e-mail via our exchange server using a mac and IE, through microsoft > outlook web access. There is a password 'system' in place that uses certain > letters of our names - we are given our passwords and few people change them > - we are trusting types. > But it does mean that many of us know each other's passwords. My question is > this... in such an 'open' environment, where so many people 'know' each > other's passwords, are we all able to just surf each other's mailboxes > without detection? I have read here of the 'event 1016' that shows up on the > administration logs when someone other than the 'owner' of the account > accesses the account. But does this hold true for web access? Is it the case > that my e-mail account, or anyone else's for that matter, is an 'open book' > when accessed this way or is there a way to detect who is who, especially > when the user name and password are correct? Sometimes I read that 1016 shows > up only when an unsuccessful attempt is made to access, other times I read > that it is there every time. Can I, via getting with the administrator, prove > that someone, who has my password and is accessing via the web, was reading > my e-mail? > Thanks in advance.
Would they be able to trace the IP address of the client ... even if the
client is behind a firewall at home? [quoted text, click to view] "Joe Kaplan" wrote:
> What difference would the logging make? If another user has your password, > they are you. Period. > > The only way you could differentiate them would be by the IP address of the > client. This would generally be logged by IIS for OWA. However, if you > don't know the IP address of various clients, it would be difficult to take > advantage of this. It would also be very hard to prove anything by this. > > I wonder, if they are such trusting types, why even ask about such things. > If you don't trust other people with your password, don't let them have it. > > Joe K. > > -- > Joe Kaplan-MS MVP Directory Services Programming > Co-author of "The .NET Developer's Guide to Directory Services Programming" > http://www.directoryprogramming.net > -- > "Bryan Phillips" <bphillips@nospam.crowechizek.com.spammenot> wrote in > message news:%23onvBVh%23GHA.4888@TK2MSFTNGP04.phx.gbl... > > The logging occurs regardless of the type of email client: Outlook, OWA, > > or Outlook Mobile. Your Exchange administrator can increase the level of > > auditing to log more details about the activity in your email account. > > > > Bryan Phillips > > MCSD, MCDBA, MCSE > > Blog: http://bphillips76.spaces.live.com > > > > > > > > > > "help!!" <help!!@discussions.microsoft.com> wrote in message > > news:D544588D-B9B9-40CE-85D0-90993196BAB5@microsoft.com: > > > >> Both at work (Entourage is too slow) and when I'm out of the office, I > >> access > >> my e-mail via our exchange server using a mac and IE, through microsoft > >> outlook web access. There is a password 'system' in place that uses > >> certain > >> letters of our names - we are given our passwords and few people change > >> them > >> - we are trusting types. > >> But it does mean that many of us know each other's passwords. My question > >> is > >> this... in such an 'open' environment, where so many people 'know' each > >> other's passwords, are we all able to just surf each other's mailboxes > >> without detection? I have read here of the 'event 1016' that shows up on > >> the > >> administration logs when someone other than the 'owner' of the account > >> accesses the account. But does this hold true for web access? Is it the > >> case > >> that my e-mail account, or anyone else's for that matter, is an 'open > >> book' > >> when accessed this way or is there a way to detect who is who, especially > >> when the user name and password are correct? Sometimes I read that 1016 > >> shows > >> up only when an unsuccessful attempt is made to access, other times I > >> read > >> that it is there every time. Can I, via getting with the administrator, > >> prove > >> that someone, who has my password and is accessing via the web, was > >> reading > >> my e-mail? > >> Thanks in advance. > > > >
Thank you so much for your replies.
I am not at all familiar with 'proxied' or 'NATed'. Just to confirm then (sorry I am not at all a "techie"). If this individual is accessing my email via owa remotely at home behind a firewall / router then there is no way to ascertain exactly who is accessing my email ... is this correct? I wont be able to pinpoint who it is. Thanks so very much!! [quoted text, click to view] "Joe Kaplan" wrote:
> They would only be able to trace back to the point where it was proxied or > NATed. Like I said, it would be very difficult to associate the IP > addresses with anyone in particular with any accuracy. > > Joe K. > > -- > Joe Kaplan-MS MVP Directory Services Programming > Co-author of "The .NET Developer's Guide to Directory Services Programming" > http://www.directoryprogramming.net > -- > "help!!" <help@discussions.microsoft.com> wrote in message > news:7EA15DED-94A8-4CF2-8755-94F74092BCCC@microsoft.com... > > Would they be able to trace the IP address of the client ... even if the > > client is behind a firewall at home? > > > > > > > > "Joe Kaplan" wrote: > > > >> What difference would the logging make? If another user has your > >> password, > >> they are you. Period. > >> > >> The only way you could differentiate them would be by the IP address of > >> the > >> client. This would generally be logged by IIS for OWA. However, if you > >> don't know the IP address of various clients, it would be difficult to > >> take > >> advantage of this. It would also be very hard to prove anything by this. > >> > >> I wonder, if they are such trusting types, why even ask about such > >> things. > >> If you don't trust other people with your password, don't let them have > >> it. > >> > >> Joe K. > >> > >> -- > >> Joe Kaplan-MS MVP Directory Services Programming > >> Co-author of "The .NET Developer's Guide to Directory Services > >> Programming" > >> http://www.directoryprogramming.net > >> -- > >> "Bryan Phillips" <bphillips@nospam.crowechizek.com.spammenot> wrote in > >> message news:%23onvBVh%23GHA.4888@TK2MSFTNGP04.phx.gbl... > >> > The logging occurs regardless of the type of email client: Outlook, > >> > OWA, > >> > or Outlook Mobile. Your Exchange administrator can increase the level > >> > of > >> > auditing to log more details about the activity in your email account. > >> > > >> > Bryan Phillips > >> > MCSD, MCDBA, MCSE > >> > Blog: http://bphillips76.spaces.live.com > >> > > >> > > >> > > >> > > >> > "help!!" <help!!@discussions.microsoft.com> wrote in message > >> > news:D544588D-B9B9-40CE-85D0-90993196BAB5@microsoft.com: > >> > > >> >> Both at work (Entourage is too slow) and when I'm out of the office, I > >> >> access > >> >> my e-mail via our exchange server using a mac and IE, through > >> >> microsoft > >> >> outlook web access. There is a password 'system' in place that uses > >> >> certain > >> >> letters of our names - we are given our passwords and few people > >> >> change > >> >> them > >> >> - we are trusting types. > >> >> But it does mean that many of us know each other's passwords. My > >> >> question > >> >> is > >> >> this... in such an 'open' environment, where so many people 'know' > >> >> each > >> >> other's passwords, are we all able to just surf each other's mailboxes > >> >> without detection? I have read here of the 'event 1016' that shows up > >> >> on > >> >> the > >> >> administration logs when someone other than the 'owner' of the account > >> >> accesses the account. But does this hold true for web access? Is it > >> >> the > >> >> case > >> >> that my e-mail account, or anyone else's for that matter, is an 'open > >> >> book' > >> >> when accessed this way or is there a way to detect who is who, > >> >> especially > >> >> when the user name and password are correct? Sometimes I read that > >> >> 1016 > >> >> shows > >> >> up only when an unsuccessful attempt is made to access, other times I > >> >> read > >> >> that it is there every time. Can I, via getting with the > >> >> administrator, > >> >> prove > >> >> that someone, who has my password and is accessing via the web, was > >> >> reading > >> >> my e-mail? > >> >> Thanks in advance. > >> > > >> > >> > >> > >
Sorry, just to clarify, I think my terminology might be wrong / confusing.
This other individual is accessing email through owa from home (Using IE) using my login / password. I am certain that it is behind a firewall / router and with dsl service. Not sure if this means the ip address is static or dynamic (not sure if it matters) and if it is at all traceable. I understand the event logging would monitor access to email onsite/at work from a client computer ... but how about when accessing from a remote location using the web (IE) and owa? ....sorry if this sounds confusing, I am not all that familiar with this or the wording Thanks again!! [quoted text, click to view] "help!!" wrote:
> Thank you so much for your replies. > > I am not at all familiar with 'proxied' or 'NATed'. Just to confirm then > (sorry I am not at all a "techie"). If this individual is accessing my email > via owa remotely at home behind a firewall / router then there is no way to > ascertain exactly who is accessing my email ... is this correct? I wont be > able to pinpoint who it is. > > Thanks so very much!! > > > "Joe Kaplan" wrote: > > > They would only be able to trace back to the point where it was proxied or > > NATed. Like I said, it would be very difficult to associate the IP > > addresses with anyone in particular with any accuracy. > > > > Joe K. > > > > -- > > Joe Kaplan-MS MVP Directory Services Programming > > Co-author of "The .NET Developer's Guide to Directory Services Programming" > > http://www.directoryprogramming.net > > -- > > "help!!" <help@discussions.microsoft.com> wrote in message > > news:7EA15DED-94A8-4CF2-8755-94F74092BCCC@microsoft.com... > > > Would they be able to trace the IP address of the client ... even if the > > > client is behind a firewall at home? > > > > > > > > > > > > "Joe Kaplan" wrote: > > > > > >> What difference would the logging make? If another user has your > > >> password, > > >> they are you. Period. > > >> > > >> The only way you could differentiate them would be by the IP address of > > >> the > > >> client. This would generally be logged by IIS for OWA. However, if you > > >> don't know the IP address of various clients, it would be difficult to > > >> take > > >> advantage of this. It would also be very hard to prove anything by this. > > >> > > >> I wonder, if they are such trusting types, why even ask about such > > >> things. > > >> If you don't trust other people with your password, don't let them have > > >> it. > > >> > > >> Joe K. > > >> > > >> -- > > >> Joe Kaplan-MS MVP Directory Services Programming > > >> Co-author of "The .NET Developer's Guide to Directory Services > > >> Programming" > > >> http://www.directoryprogramming.net > > >> -- > > >> "Bryan Phillips" <bphillips@nospam.crowechizek.com.spammenot> wrote in > > >> message news:%23onvBVh%23GHA.4888@TK2MSFTNGP04.phx.gbl... > > >> > The logging occurs regardless of the type of email client: Outlook, > > >> > OWA, > > >> > or Outlook Mobile. Your Exchange administrator can increase the level > > >> > of > > >> > auditing to log more details about the activity in your email account. > > >> > > > >> > Bryan Phillips > > >> > MCSD, MCDBA, MCSE > > >> > Blog: http://bphillips76.spaces.live.com > > >> > > > >> > > > >> > > > >> > > > >> > "help!!" <help!!@discussions.microsoft.com> wrote in message > > >> > news:D544588D-B9B9-40CE-85D0-90993196BAB5@microsoft.com: > > >> > > > >> >> Both at work (Entourage is too slow) and when I'm out of the office, I > > >> >> access > > >> >> my e-mail via our exchange server using a mac and IE, through > > >> >> microsoft > > >> >> outlook web access. There is a password 'system' in place that uses > > >> >> certain > > >> >> letters of our names - we are given our passwords and few people > > >> >> change > > >> >> them > > >> >> - we are trusting types. > > >> >> But it does mean that many of us know each other's passwords. My > > >> >> question > > >> >> is > > >> >> this... in such an 'open' environment, where so many people 'know' > > >> >> each > > >> >> other's passwords, are we all able to just surf each other's mailboxes > > >> >> without detection? I have read here of the 'event 1016' that shows up > > >> >> on > > >> >> the > > >> >> administration logs when someone other than the 'owner' of the account > > >> >> accesses the account. But does this hold true for web access? Is it > > >> >> the > > >> >> case > > >> >> that my e-mail account, or anyone else's for that matter, is an 'open > > >> >> book' > > >> >> when accessed this way or is there a way to detect who is who, > > >> >> especially > > >> >> when the user name and password are correct? Sometimes I read that > > >> >> 1016 > > >> >> shows > > >> >> up only when an unsuccessful attempt is made to access, other times I > > >> >> read > > >> >> that it is there every time. Can I, via getting with the > > >> >> administrator, > > >> >> prove > > >> >> that someone, who has my password and is accessing via the web, was > > >> >> reading > > >> >> my e-mail? > > >> >> Thanks in advance. > > >> > > > >> > > >> > > >> > > > >
They would only be able to trace back to the point where it was proxied or
NATed. Like I said, it would be very difficult to associate the IP addresses with anyone in particular with any accuracy. Joe K. -- Joe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- [quoted text, click to view] "help!!" <help@discussions.microsoft.com> wrote in message news:7EA15DED-94A8-4CF2-8755-94F74092BCCC@microsoft.com... > Would they be able to trace the IP address of the client ... even if the > client is behind a firewall at home? > > > > "Joe Kaplan" wrote: > >> What difference would the logging make? If another user has your >> password, >> they are you. Period. >> >> The only way you could differentiate them would be by the IP address of >> the >> client. This would generally be logged by IIS for OWA. However, if you >> don't know the IP address of various clients, it would be difficult to >> take >> advantage of this. It would also be very hard to prove anything by this. >> >> I wonder, if they are such trusting types, why even ask about such >> things. >> If you don't trust other people with your password, don't let them have >> it. >> >> Joe K. >> >> -- >> Joe Kaplan-MS MVP Directory Services Programming >> Co-author of "The .NET Developer's Guide to Directory Services >> Programming" >> http://www.directoryprogramming.net >> -- >> "Bryan Phillips" <bphillips@nospam.crowechizek.com.spammenot> wrote in >> message news:%23onvBVh%23GHA.4888@TK2MSFTNGP04.phx.gbl... >> > The logging occurs regardless of the type of email client: Outlook, >> > OWA, >> > or Outlook Mobile. Your Exchange administrator can increase the level >> > of >> > auditing to log more details about the activity in your email account. >> > >> > Bryan Phillips >> > MCSD, MCDBA, MCSE >> > Blog: http://bphillips76.spaces.live.com >> > >> > >> > >> > >> > "help!!" <help!!@discussions.microsoft.com> wrote in message >> > news:D544588D-B9B9-40CE-85D0-90993196BAB5@microsoft.com: >> > >> >> Both at work (Entourage is too slow) and when I'm out of the office, I >> >> access >> >> my e-mail via our exchange server using a mac and IE, through >> >> microsoft >> >> outlook web access. There is a password 'system' in place that uses >> >> certain >> >> letters of our names - we are given our passwords and few people >> >> change >> >> them >> >> - we are trusting types. >> >> But it does mean that many of us know each other's passwords. My >> >> question >> >> is >> >> this... in such an 'open' environment, where so many people 'know' >> >> each >> >> other's passwords, are we all able to just surf each other's mailboxes >> >> without detection? I have read here of the 'event 1016' that shows up >> >> on >> >> the >> >> administration logs when someone other than the 'owner' of the account >> >> accesses the account. But does this hold true for web access? Is it >> >> the >> >> case >> >> that my e-mail account, or anyone else's for that matter, is an 'open >> >> book' >> >> when accessed this way or is there a way to detect who is who, >> >> especially >> >> when the user name and password are correct? Sometimes I read that >> >> 1016 >> >> shows >> >> up only when an unsuccessful attempt is made to access, other times I >> >> read >> >> that it is there every time. Can I, via getting with the >> >> administrator, >> >> prove >> >> that someone, who has my password and is accessing via the web, was >> >> reading >> >> my e-mail? >> >> Thanks in advance. >> > >> >> >>
So, when the user connects via their ISP, they will get an IP address that
way. It might be static or dynamic via DHCP or PPPoE. In any case, only the ISP would be able to tell you which of its customers had that IP address at that time. When the user is behind a firewall router, then the traffic goes through network address translation (NAT) where they will have a private address behind the firewall (possibly many, depending on the complexity of the private network). Also, some ISPs use caching proxy servers which make all outbound web traffic appear to be from the same IP address (or set of IP addresses). The bottom line is that it would be very difficult for you to use the IP address logged by IIS or Exchange to figure out who the user was. Like I said before, if you were really concerned about making sure you knew who accessed your email, your best bet is to keep your passwords to yourselves. Joe K. -- Joe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- [quoted text, click to view] "help!!" <help@discussions.microsoft.com> wrote in message news:9044D518-27EE-4419-A8C1-61ECCECF9C91@microsoft.com... > Sorry, just to clarify, I think my terminology might be wrong / confusing. > > This other individual is accessing email through owa from home (Using IE) > using my login / password. I am certain that it is behind a firewall / > router and with dsl service. Not sure if this means the ip address is > static > or dynamic (not sure if it matters) and if it is at all traceable. I > understand the event logging would monitor access to email onsite/at work > from a client computer ... but how about when accessing from a remote > location using the web (IE) and owa? > ...sorry if this sounds confusing, I am not all that familiar with this or > the wording > > Thanks again!! > > > > "help!!" wrote: > >> Thank you so much for your replies. >> >> I am not at all familiar with 'proxied' or 'NATed'. Just to confirm then >> (sorry I am not at all a "techie"). If this individual is accessing my >> via owa remotely at home behind a firewall / router then there is no way >> to >> ascertain exactly who is accessing my email ... is this correct? I wont >> be >> able to pinpoint who it is. >> >> Thanks so very much!! >> >> >> "Joe Kaplan" wrote: >> >> > They would only be able to trace back to the point where it was proxied >> > or >> > NATed. Like I said, it would be very difficult to associate the IP >> > addresses with anyone in particular with any accuracy. >> > >> > Joe K. >> > >> > -- >> > Joe Kaplan-MS MVP Directory Services Programming >> > Co-author of "The .NET Developer's Guide to Directory Services >> > Programming" >> > http://www.directoryprogramming.net >> > -- >> > "help!!" <help@discussions.microsoft.com> wrote in message >> > news:7EA15DED-94A8-4CF2-8755-94F74092BCCC@microsoft.com... >> > > Would they be able to trace the IP address of the client ... even if >> > > the >> > > client is behind a firewall at home? >> > > >> > > >> > > >> > > "Joe Kaplan" wrote: >> > > >> > >> What difference would the logging make? If another user has your >> > >> password, >> > >> they are you. Period. >> > >> >> > >> The only way you could differentiate them would be by the IP address >> > >> of >> > >> the >> > >> client. This would generally be logged by IIS for OWA. However, >> > >> if you >> > >> don't know the IP address of various clients, it would be difficult >> > >> to >> > >> take >> > >> advantage of this. It would also be very hard to prove anything by >> > >> this. >> > >> >> > >> I wonder, if they are such trusting types, why even ask about such >> > >> things. >> > >> If you don't trust other people with your password, don't let them >> > >> have >> > >> it. >> > >> >> > >> Joe K. >> > >> >> > >> -- >> > >> Joe Kaplan-MS MVP Directory Services Programming >> > >> Co-author of "The .NET Developer's Guide to Directory Services >> > >> Programming" >> > >> http://www.directoryprogramming.net >> > >> -- >> > >> "Bryan Phillips" <bphillips@nospam.crowechizek.com.spammenot> wrote >> > >> in >> > >> message news:%23onvBVh%23GHA.4888@TK2MSFTNGP04.phx.gbl... >> > >> > The logging occurs regardless of the type of email client: >> > >> > Outlook, >> > >> > OWA, >> > >> > or Outlook Mobile. Your Exchange administrator can increase the >> > >> > level >> > >> > of >> > >> > auditing to log more details about the activity in your email >> > >> > account. >> > >> > >> > >> > Bryan Phillips >> > >> > MCSD, MCDBA, MCSE >> > >> > Blog: http://bphillips76.spaces.live.com >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > "help!!" <help!!@discussions.microsoft.com> wrote in message >> > >> > news:D544588D-B9B9-40CE-85D0-90993196BAB5@microsoft.com: >> > >> > >> > >> >> Both at work (Entourage is too slow) and when I'm out of the >> > >> >> office, I >> > >> >> access >> > >> >> my e-mail via our exchange server using a mac and IE, through >> > >> >> microsoft >> > >> >> outlook web access. There is a password 'system' in place that >> > >> >> uses >> > >> >> certain >> > >> >> letters of our names - we are given our passwords and few people >> > >> >> change >> > >> >> them >> > >> >> - we are trusting types. >> > >> >> But it does mean that many of us know each other's passwords. My >> > >> >> question >> > >> >> is >> > >> >> this... in such an 'open' environment, where so many people >> > >> >> 'know' >> > >> >> each >> > >> >> other's passwords, are we all able to just surf each other's >> > >> >> mailboxes >> > >> >> without detection? I have read here of the 'event 1016' that >> > >> >> shows up >> > >> >> on >> > >> >> the >> > >> >> administration logs when someone other than the 'owner' of the >> > >> >> account >> > >> >> accesses the account. But does this hold true for web access? Is >> > >> >> it >> > >> >> the >> > >> >> case >> > >> >> that my e-mail account, or anyone else's for that matter, is an >> > >> >> 'open >> > >> >> book' >> > >> >> when accessed this way or is there a way to detect who is who, >> > >> >> especially >> > >> >> when the user name and password are correct? Sometimes I read >> > >> >> that >> > >> >> 1016 >> > >> >> shows >> > >> >> up only when an unsuccessful attempt is made to access, other >> > >> >> times I >> > >> >> read >> > >> >> that it is there every time. Can I, via getting with the >> > >> >> administrator, >> > >> >> prove >> > >> >> that someone, who has my password and is accessing via the web, >> > >> >> was >> > >> >> reading >> > >> >> my e-mail? >> > >> >> Thanks in advance. >> > >> > >> > >> >> > >> >> > >> >> > >> > >> >
Thanks so much for all your help Joe.
Seeing how there would be no way to trace it / track down the person the best thing at this point would be to change my password and keep it private. Thanks again!! [quoted text, click to view] "Joe Kaplan" wrote:
> So, when the user connects via their ISP, they will get an IP address that > way. It might be static or dynamic via DHCP or PPPoE. In any case, only > the ISP would be able to tell you which of its customers had that IP address > at that time. When the user is behind a firewall router, then the traffic > goes through network address translation (NAT) where they will have a > private address behind the firewall (possibly many, depending on the > complexity of the private network). > > Also, some ISPs use caching proxy servers which make all outbound web > traffic appear to be from the same IP address (or set of IP addresses). > > The bottom line is that it would be very difficult for you to use the IP > address logged by IIS or Exchange to figure out who the user was. Like I > said before, if you were really concerned about making sure you knew who > accessed your email, your best bet is to keep your passwords to yourselves. > > Joe K. > > -- > Joe Kaplan-MS MVP Directory Services Programming > Co-author of "The .NET Developer's Guide to Directory Services Programming" > http://www.directoryprogramming.net > -- > "help!!" <help@discussions.microsoft.com> wrote in message > news:9044D518-27EE-4419-A8C1-61ECCECF9C91@microsoft.com... > > Sorry, just to clarify, I think my terminology might be wrong / confusing. > > > > This other individual is accessing email through owa from home (Using IE) > > using my login / password. I am certain that it is behind a firewall / > > router and with dsl service. Not sure if this means the ip address is > > static > > or dynamic (not sure if it matters) and if it is at all traceable. I > > understand the event logging would monitor access to email onsite/at work > > from a client computer ... but how about when accessing from a remote > > location using the web (IE) and owa? > > ...sorry if this sounds confusing, I am not all that familiar with this or > > the wording > > > > Thanks again!! > > > > > > > > "help!!" wrote: > > > >> Thank you so much for your replies. > >> > >> I am not at all familiar with 'proxied' or 'NATed'. Just to confirm then > >> (sorry I am not at all a "techie"). If this individual is accessing my > >> via owa remotely at home behind a firewall / router then there is no way > >> to > >> ascertain exactly who is accessing my email ... is this correct? I wont > >> be > >> able to pinpoint who it is. > >> > >> Thanks so very much!! > >> > >> > >> "Joe Kaplan" wrote: > >> > >> > They would only be able to trace back to the point where it was proxied > >> > or > >> > NATed. Like I said, it would be very difficult to associate the IP > >> > addresses with anyone in particular with any accuracy. > >> > > >> > Joe K. > >> > > >> > -- > >> > Joe Kaplan-MS MVP Directory Services Programming > >> > Co-author of "The .NET Developer's Guide to Directory Services > >> > Programming" > >> > http://www.directoryprogramming.net > >> > -- > >> > "help!!" <help@discussions.microsoft.com> wrote in message > >> > news:7EA15DED-94A8-4CF2-8755-94F74092BCCC@microsoft.com... > >> > > Would they be able to trace the IP address of the client ... even if > >> > > the > >> > > client is behind a firewall at home? > >> > > > >> > > > >> > > > >> > > "Joe Kaplan" wrote: > >> > > > >> > >> What difference would the logging make? If another user has your > >> > >> password, > >> > >> they are you. Period. > >> > >> > >> > >> The only way you could differentiate them would be by the IP address > >> > >> of > >> > >> the > >> > >> client. This would generally be logged by IIS for OWA. However, > >> > >> if you > >> > >> don't know the IP address of various clients, it would be difficult > >> > >> to > >> > >> take > >> > >> advantage of this. It would also be very hard to prove anything by > >> > >> this. > >> > >> > >> > >> I wonder, if they are such trusting types, why even ask about such > >> > >> things. > >> > >> If you don't trust other people with your password, don't let them > >> > >> have > >> > >> it. > >> > >> > >> > >> Joe K. > >> > >> > >> > >> -- > >> > >> Joe Kaplan-MS MVP Directory Services Programming > >> > >> Co-author of "The .NET Developer's Guide to Directory Services > >> > >> Programming" > >> > >> http://www.directoryprogramming.net > >> > >> -- > >> > >> "Bryan Phillips" <bphillips@nospam.crowechizek.com.spammenot> wrote > >> > >> in > >> > >> message news:%23onvBVh%23GHA.4888@TK2MSFTNGP04.phx.gbl... > >> > >> > The logging occurs regardless of the type of email client: > >> > >> > Outlook, > >> > >> > OWA, > >> > >> > or Outlook Mobile. Your Exchange administrator can increase the > >> > >> > level > >> > >> > of > >> > >> > auditing to log more details about the activity in your email > >> > >> > account. > >> > >> > > >> > >> > Bryan Phillips > >> > >> > MCSD, MCDBA, MCSE > >> > >> > Blog: http://bphillips76.spaces.live.com > >> > >> > > >> > >> > > >> > >> > > >> > >> > > >> > >> > "help!!" <help!!@discussions.microsoft.com> wrote in message > >> > >> > news:D544588D-B9B9-40CE-85D0-90993196BAB5@microsoft.com: > >> > >> > > >> > >> >> Both at work (Entourage is too slow) and when I'm out of the > >> > >> >> office, I > >> > >> >> access > >> > >> >> my e-mail via our exchange server using a mac and IE, through > >> > >> >> microsoft > >> > >> >> outlook web access. There is a password 'system' in place that > >> > >> >> uses > >> > >> >> certain > >> > >> >> letters of our names - we are given our passwords and few people > >> > >> >> change > >> > >> >> them > >> > >> >> - we are trusting types. > >> > >> >> But it does mean that many of us know each other's passwords. My > >> > >> >> question > >> > >> >> is > >> > >> >> this... in such an 'open' environment, where so many people > >> > >> >> 'know' > >> > >> >> each > >> > >> >> other's passwords, are we all able to just surf each other's > >> > >> >> mailboxes > >> > >> >> without detection? I have read here of the 'event 1016' that > >> > >> >> shows up > >> > >> >> on > >> > >> >> the > >> > >> >> administration logs when someone other than the 'owner' of the > >> > >> >> account > >> > >> >> accesses the account. But does this hold true for web access? Is > >> > >> >> it > >> > >> >> the > >> > >> >> case > >> > >> >> that my e-mail account, or anyone else's for that matter, is an > >> > >> >> 'open > >> > >> >> book' > >> > >> >> when accessed this way or is there a way to detect who is who, > >> > >> >> especially
Sorry one more question...
....what if they are accessing their own email via owa from home as well as mine ... can it be traced / verified this way? ... based on IP addresses? [quoted text, click to view] "Joe Kaplan" wrote:
> So, when the user connects via their ISP, they will get an IP address that > way. It might be static or dynamic via DHCP or PPPoE. In any case, only > the ISP would be able to tell you which of its customers had that IP address > at that time. When the user is behind a firewall router, then the traffic > goes through network address translation (NAT) where they will have a > private address behind the firewall (possibly many, depending on the > complexity of the private network). > > Also, some ISPs use caching proxy servers which make all outbound web > traffic appear to be from the same IP address (or set of IP addresses). > > The bottom line is that it would be very difficult for you to use the IP > address logged by IIS or Exchange to figure out who the user was. Like I > said before, if you were really concerned about making sure you knew who > accessed your email, your best bet is to keep your passwords to yourselves. > > Joe K. > > -- > Joe Kaplan-MS MVP Directory Services Programming > Co-author of "The .NET Developer's Guide to Directory Services Programming" > http://www.directoryprogramming.net > -- > "help!!" <help@discussions.microsoft.com> wrote in message > news:9044D518-27EE-4419-A8C1-61ECCECF9C91@microsoft.com... > > Sorry, just to clarify, I think my terminology might be wrong / confusing. > > > > This other individual is accessing email through owa from home (Using IE) > > using my login / password. I am certain that it is behind a firewall / > > router and with dsl service. Not sure if this means the ip address is > > static > > or dynamic (not sure if it matters) and if it is at all traceable. I > > understand the event logging would monitor access to email onsite/at work > > from a client computer ... but how about when accessing from a remote > > location using the web (IE) and owa? > > ...sorry if this sounds confusing, I am not all that familiar with this or > > the wording > > > > Thanks again!! > > > > > > > > "help!!" wrote: > > > >> Thank you so much for your replies. > >> > >> I am not at all familiar with 'proxied' or 'NATed'. Just to confirm then > >> (sorry I am not at all a "techie"). If this individual is accessing my > >> via owa remotely at home behind a firewall / router then there is no way > >> to > >> ascertain exactly who is accessing my email ... is this correct? I wont > >> be > >> able to pinpoint who it is. > >> > >> Thanks so very much!! > >> > >> > >> "Joe Kaplan" wrote: > >> > >> > They would only be able to trace back to the point where it was proxied > >> > or > >> > NATed. Like I said, it would be very difficult to associate the IP > >> > addresses with anyone in particular with any accuracy. > >> > > >> > Joe K. > >> > > >> > -- > >> > Joe Kaplan-MS MVP Directory Services Programming > >> > Co-author of "The .NET Developer's Guide to Directory Services > >> > Programming" > >> > http://www.directoryprogramming.net > >> > -- > >> > "help!!" <help@discussions.microsoft.com> wrote in message > >> > news:7EA15DED-94A8-4CF2-8755-94F74092BCCC@microsoft.com... > >> > > Would they be able to trace the IP address of the client ... even if > >> > > the > >> > > client is behind a firewall at home? > >> > > > >> > > > >> > > > >> > > "Joe Kaplan" wrote: > >> > > > >> > >> What difference would the logging make? If another user has your > >> > >> password, > >> > >> they are you. Period. > >> > >> > >> > >> The only way you could differentiate them would be by the IP address > >> > >> of > >> > >> the > >> > >> client. This would generally be logged by IIS for OWA. However, > >> > >> if you > >> > >> don't know the IP address of various clients, it would be difficult > >> > >> to > >> > >> take > >> > >> advantage of this. It would also be very hard to prove anything by > >> > >> this. > >> > >> > >> > >> I wonder, if they are such trusting types, why even ask about such > >> > >> things. > >> > >> If you don't trust other people with your password, don't let them > >> > >> have > >> > >> it. > >> > >> > >> > >> Joe K. > >> > >> > >> > >> -- > >> > >> Joe Kaplan-MS MVP Directory Services Programming > >> > >> Co-author of "The .NET Developer's Guide to Directory Services > >> > >> Programming" > >> > >> http://www.directoryprogramming.net > >> > >> -- > >> > >> "Bryan Phillips" <bphillips@nospam.crowechizek.com.spammenot> wrote > >> > >> in > >> > >> message news:%23onvBVh%23GHA.4888@TK2MSFTNGP04.phx.gbl... > >> > >> > The logging occurs regardless of the type of email client: > >> > >> > Outlook, > >> > >> > OWA, > >> > >> > or Outlook Mobile. Your Exchange administrator can increase the > >> > >> > level > >> > >> > of > >> > >> > auditing to log more details about the activity in your email > >> > >> > account. > >> > >> > > >> > >> > Bryan Phillips > >> > >> > MCSD, MCDBA, MCSE > >> > >> > Blog: http://bphillips76.spaces.live.com > >> > >> > > >> > >> > > >> > >> > > >> > >> > > >> > >> > "help!!" <help!!@discussions.microsoft.com> wrote in message > >> > >> > news:D544588D-B9B9-40CE-85D0-90993196BAB5@microsoft.com: > >> > >> > > >> > >> >> Both at work (Entourage is too slow) and when I'm out of the > >> > >> >> office, I > >> > >> >> access > >> > >> >> my e-mail via our exchange server using a mac and IE, through > >> > >> >> microsoft > >> > >> >> outlook web access. There is a password 'system' in place that > >> > >> >> uses > >> > >> >> certain > >> > >> >> letters of our names - we are given our passwords and few people > >> > >> >> change > >> > >> >> them > >> > >> >> - we are trusting types. > >> > >> >> But it does mean that many of us know each other's passwords. My > >> > >> >> question > >> > >> >> is > >> > >> >> this... in such an 'open' environment, where so many people > >> > >> >> 'know' > >> > >> >> each > >> > >> >> other's passwords, are we all able to just surf each other's > >> > >> >> mailboxes > >> > >> >> without detection? I have read here of the 'event 1016' that > >> > >> >> shows up > >> > >> >> on > >> > >> >> the > >> > >> >> administration logs when someone other than the 'owner' of the > >> > >> >> account > >> > >> >> accesses the account. But does this hold true for web access? Is > >> > >> >> it > >> > >> >> the > >> > >> >> case > >> > >> >> that my e-mail account, or anyone else's for that matter, is an > >> > >> >> 'open > >> > >> >> book' > >> > >> >> when accessed this way or is there a way to detect who is who, > >> > >> >> especially > >> > >> >> when the user name and password are correct? Sometimes I read > >> > >> >> that
It has the exact same limitations that were previously discussed.
Joe K. -- Joe Kaplan-MS MVP Directory Services Programming Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net -- [quoted text, click to view] "help!!" <help@discussions.microsoft.com> wrote in message news:D562B5A9-2679-46A8-B954-3C17B03916C3@microsoft.com... > Sorry one more question... > > ...what if they are accessing their own email via owa from home as well as > mine ... can it be traced / verified this way? ... based on IP addresses? >
If they access diffent mailboxes from the same client, on the same
time (before a release of the public ip-adress), they will be logged with the same ip-adress. On Mon, 30 Oct 2006 04:05:02 -0800, help!! [quoted text, click to view] <help@discussions.microsoft.com> wrote:
>Sorry one more question... > >...what if they are accessing their own email via owa from home as well as >mine ... can it be traced / verified this way? ... based on IP addresses? > > > >"Joe Kaplan" wrote: > >> So, when the user connects via their ISP, they will get an IP address that >> way. It might be static or dynamic via DHCP or PPPoE. In any case, only >> the ISP would be able to tell you which of its customers had that IP address >> at that time. When the user is behind a firewall router, then the traffic >> goes through network address translation (NAT) where they will have a >> private address behind the firewall (possibly many, depending on the >> complexity of the private network). >> >> Also, some ISPs use caching proxy servers which make all outbound web >> traffic appear to be from the same IP address (or set of IP addresses). >> >> The bottom line is that it would be very difficult for you to use the IP >> address logged by IIS or Exchange to figure out who the user was. Like I >> said before, if you were really concerned about making sure you knew who >> accessed your email, your best bet is to keep your passwords to yourselves. >> >> Joe K. >> >> -- >> Joe Kaplan-MS MVP Directory Services Programming >> Co-author of "The .NET Developer's Guide to Directory Services Programming" >> http://www.directoryprogramming.net >> -- >> "help!!" <help@discussions.microsoft.com> wrote in message >> news:9044D518-27EE-4419-A8C1-61ECCECF9C91@microsoft.com... >> > Sorry, just to clarify, I think my terminology might be wrong / confusing. >> > >> > This other individual is accessing email through owa from home (Using IE) >> > using my login / password. I am certain that it is behind a firewall / >> > router and with dsl service. Not sure if this means the ip address is >> > static >> > or dynamic (not sure if it matters) and if it is at all traceable. I >> > understand the event logging would monitor access to email onsite/at work >> > from a client computer ... but how about when accessing from a remote >> > location using the web (IE) and owa? >> > ...sorry if this sounds confusing, I am not all that familiar with this or >> > the wording >> > >> > Thanks again!! >> > >> > >> > >> > "help!!" wrote: >> > >> >> Thank you so much for your replies. >> >> >> >> I am not at all familiar with 'proxied' or 'NATed'. Just to confirm then >> >> (sorry I am not at all a "techie"). If this individual is accessing my >> >> via owa remotely at home behind a firewall / router then there is no way >> >> to >> >> ascertain exactly who is accessing my email ... is this correct? I wont >> >> be >> >> able to pinpoint who it is. >> >> >> >> Thanks so very much!! >> >> >> >> >> >> "Joe Kaplan" wrote: >> >> >> >> > They would only be able to trace back to the point where it was proxied >> >> > or >> >> > NATed. Like I said, it would be very difficult to associate the IP >> >> > addresses with anyone in particular with any accuracy. >> >> > >> >> > Joe K. >> >> > >> >> > -- >> >> > Joe Kaplan-MS MVP Directory Services Programming >> >> > Co-author of "The .NET Developer's Guide to Directory Services >> >> > Programming" >> >> > http://www.directoryprogramming.net >> >> > -- >> >> > "help!!" <help@discussions.microsoft.com> wrote in message >> >> > news:7EA15DED-94A8-4CF2-8755-94F74092BCCC@microsoft.com... >> >> > > Would they be able to trace the IP address of the client ... even if >> >> > > the >> >> > > client is behind a firewall at home? >> >> > > >> >> > > >> >> > > >> >> > > "Joe Kaplan" wrote: >> >> > > >> >> > >> What difference would the logging make? If another user has your >> >> > >> password, >> >> > >> they are you. Period. >> >> > >> >> >> > >> The only way you could differentiate them would be by the IP address >> >> > >> of >> >> > >> the >> >> > >> client. This would generally be logged by IIS for OWA. However, >> >> > >> if you >> >> > >> don't know the IP address of various clients, it would be difficult >> >> > >> to >> >> > >> take >> >> > >> advantage of this. It would also be very hard to prove anything by >> >> > >> this. >> >> > >> >> >> > >> I wonder, if they are such trusting types, why even ask about such >> >> > >> things. >> >> > >> If you don't trust other people with your password, don't let them >> >> > >> have >> >> > >> it. >> >> > >> >> >> > >> Joe K. >> >> > >> >> >> > >> -- >> >> > >> Joe Kaplan-MS MVP Directory Services Programming >> >> > >> Co-author of "The .NET Developer's Guide to Directory Services >> >> > >> Programming" >> >> > >> http://www.directoryprogramming.net >> >> > >> -- >> >> > >> "Bryan Phillips" <bphillips@nospam.crowechizek.com.spammenot> wrote >> >> > >> in >> >> > >> message news:%23onvBVh%23GHA.4888@TK2MSFTNGP04.phx.gbl... >> >> > >> > The logging occurs regardless of the type of email client: >> >> > >> > Outlook, >> >> > >> > OWA, >> >> > >> > or Outlook Mobile. Your Exchange administrator can increase the >> >> > >> > level >> >> > >> > of >> >> > >> > auditing to log more details about the activity in your email >> >> > >> > account. >> >> > >> > >> >> > >> > Bryan Phillips >> >> > >> > MCSD, MCDBA, MCSE >> >> > >> > Blog: http://bphillips76.spaces.live.com >> >> > >> > >> >> > >> > >> >> > >> > >> >> > >> > >> >> > >> > "help!!" <help!!@discussions.microsoft.com> wrote in message >> >> > >> > news:D544588D-B9B9-40CE-85D0-90993196BAB5@microsoft.com: >> >> > >> > >> >> > >> >> Both at work (Entourage is too slow) and when I'm out of the >> >> > >> >> office, I >> >> > >> >> access >> >> > >> >> my e-mail via our exchange server using a mac and IE, through >> >> > >> >> microsoft >> >> > >> >> outlook web access. There is a password 'system' in place that >> >> > >> >> uses >> >> > >> >> certain >> >> > >> >> letters of our names - we are given our passwords and few people >> >> > >> >> change >> >> > >> >> them >> >> > >> >> - we are trusting types. >> >> > >> >> But it does mean that many of us know each other's passwords. My >> >> > >> >> question >> >> > >> >> is >> >> > >> >> this... in such an 'open' environment, where so many people >> >> > >> >> 'know' >> >> > >> >> each >> >> > >> >> other's passwords, are we all able to just surf each other's >> >> > >> >> mailboxes >> >> > >> >> without detection? I have read here of the 'event 1016' that >> >> > >> >> shows up >> >> > >> >> on >> >> > >> >> the >> >> > >> >> administration logs when someone other than the 'owner' of the >> >> > >> >> account
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
| home · blog · groups | Questions? Comments? Contact the dn |