Re: accessing emails using owa ... traceable?

Sorry one more question...

....what if they are accessing their own email via owa from home as well as
mine ... can it be traced / verified this way? ... based on IP addresses?



"Joe Kaplan" wrote:

So, when the user connects via their ISP, they will get an IP address that
way. It might be static or dynamic via DHCP or PPPoE. In any case, only
the ISP would be able to tell you which of its customers had that IP address
at that time. When the user is behind a firewall router, then the traffic
goes through network address translation (NAT) where they will have a
private address behind the firewall (possibly many, depending on the
complexity of the private network).

Also, some ISPs use caching proxy servers which make all outbound web
traffic appear to be from the same IP address (or set of IP addresses).

The bottom line is that it would be very difficult for you to use the IP
address logged by IIS or Exchange to figure out who the user was. Like I
said before, if you were really concerned about making sure you knew who
accessed your email, your best bet is to keep your passwords to yourselves.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"help!!" <help@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9044D518-27EE-4419-A8C1-61ECCECF9C91@xxxxxxxxxxxxxxxx
Sorry, just to clarify, I think my terminology might be wrong / confusing.

This other individual is accessing email through owa from home (Using IE)
using my login / password. I am certain that it is behind a firewall /
router and with dsl service. Not sure if this means the ip address is
static
or dynamic (not sure if it matters) and if it is at all traceable. I
understand the event logging would monitor access to email onsite/at work
from a client computer ... but how about when accessing from a remote
location using the web (IE) and owa?
...sorry if this sounds confusing, I am not all that familiar with this or
the wording

Thanks again!!



"help!!" wrote:

Thank you so much for your replies.

I am not at all familiar with 'proxied' or 'NATed'. Just to confirm then
(sorry I am not at all a "techie"). If this individual is accessing my
email
via owa remotely at home behind a firewall / router then there is no way
to
ascertain exactly who is accessing my email ... is this correct? I wont
be
able to pinpoint who it is.

Thanks so very much!!


"Joe Kaplan" wrote:

They would only be able to trace back to the point where it was proxied
or
NATed. Like I said, it would be very difficult to associate the IP
addresses with anyone in particular with any accuracy.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"help!!" <help@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7EA15DED-94A8-4CF2-8755-94F74092BCCC@xxxxxxxxxxxxxxxx
Would they be able to trace the IP address of the client ... even if
the
client is behind a firewall at home?



"Joe Kaplan" wrote:

What difference would the logging make? If another user has your
password,
they are you. Period.

The only way you could differentiate them would be by the IP address
of
the
client. This would generally be logged by IIS for OWA. However,
if you
don't know the IP address of various clients, it would be difficult
to
take
advantage of this. It would also be very hard to prove anything by
this.

I wonder, if they are such trusting types, why even ask about such
things.
If you don't trust other people with your password, don't let them
have
it.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Bryan Phillips" <bphillips@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in
message news:%23onvBVh%23GHA.4888@xxxxxxxxxxxxxxxxxxxxxxx
The logging occurs regardless of the type of email client:
Outlook,
OWA,
or Outlook Mobile. Your Exchange administrator can increase the
level
of
auditing to log more details about the activity in your email
account.

Bryan Phillips
MCSD, MCDBA, MCSE
Blog: http://bphillips76.spaces.live.com




"help!!" <help!!@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D544588D-B9B9-40CE-85D0-90993196BAB5@xxxxxxxxxxxxx:

Both at work (Entourage is too slow) and when I'm out of the
office, I
access
my e-mail via our exchange server using a mac and IE, through
microsoft
outlook web access. There is a password 'system' in place that
uses
certain
letters of our names - we are given our passwords and few people
change
them
- we are trusting types.
But it does mean that many of us know each other's passwords. My
question
is
this... in such an 'open' environment, where so many people
'know'
each
other's passwords, are we all able to just surf each other's
mailboxes
without detection? I have read here of the 'event 1016' that
shows up
on
the
administration logs when someone other than the 'owner' of the
account
accesses the account. But does this hold true for web access? Is
it
the
case
that my e-mail account, or anyone else's for that matter, is an
'open
book'
when accessed this way or is there a way to detect who is who,
especially
when the user name and password are correct? Sometimes I read
that
1016
shows
up only when an unsuccessful attempt is made to access, other
times I
read
that it is there every time. Can I, via getting with the
administrator,
prove
that someone, who has my password and is accessing via the web,
was
reading
my e-mail?
Thanks in advance.










.

Relevant Pages

  • Re: accessing emails using owa ... traceable?
    ... If they access diffent mailboxes from the same client, ... "Joe Kaplan" wrote: ... When the user is behind a firewall router, ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.dotnet.security)
  • Re: accessing emails using owa ... traceable?
    ... "Joe Kaplan" wrote: ... When the user is behind a firewall router, ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... account. ...
    (microsoft.public.dotnet.security)
  • error from federation server proxy
    ... the application is not opening and going to federation server ... "Joe Kaplan" wrote: ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.windows.server.active_directory)
  • Re: LDIFDE Error when trying to change passwords.
    ... "Joe Kaplan" wrote: ... The -h adds the encryption. ... Co-author of "The .NET Developer's Guide to Directory Services ... command or the bind command as I am not sure how to use them. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Integrated Windows Authentication Timeout?
    ... "Joe Kaplan" wrote: ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... long as they are all on the same account. ... SPN exists on the account that is running the service. ...
    (microsoft.public.dotnet.framework.aspnet.security)