Can you set up a firewall rule to drop / reject any e-mail coming out of AOL? That may force him/her to take another route and maybe that route won't be as ugly to follow back. Just a thought.
Cheers:
DJM:
Thanks for the thought..... But there's the "rub".... The company in question is heavily into eCommerce at a consumer level..... Killing AOL mail would probably be doing the perpetrator's bidding......
My Bosses might baulk at me spending a chunk of work time on this but I'm learning a few very valuable lessons about the value of internal security and disgruntled employees..... Some things will be checked and rechecked at work in response to this "learning experience"..... I'm just glad it's a friend's problem not mine...... :D
Umm.. dumb question but what about asking AOL to help? I don't think they'd be thrilled to find out they are being used for Open Relay and for something that potentially could be illegal (depending on the state and such).
Along with what MsMittens said. It isn't AOL that has the open relay though, it's the step before it gets into the AOL system. Like TS said, it appears that they are using online accounts (netscape/yahoo/etc) so instead of using a relay, they are using a proxy to connect to the email program. Then they don't have to worry about finding an open relay. About the only thing that I can see as being feasible (and you will have to talk to your management about this) is to contact the companies that have the open proxies. Explain to them your situation and that someone is using their computers to harass you. Your managers will have to agree as you will have to give your company name and such. Then, hopefully one or more of those other companies will either close the proxy, or better yet, watch the proxy to find out where the connection is coming from. The government won't get involved because you don't have enough damage to your system, but if one of those other companies finds out they have a lot of damage to a computer that they didn't know about, they may report it to the FBI/Secret Service, and something may happen then.
Anyone else reminded of the Cuckoo's Egg by Clifford Stoll?
Ms. M:
Sorry if I've miscommunicated..... It's not AOL that is the relay.... It's someone using AOL and now Hotmail accounts, (available from any internet connected PC), using proxies to send harassing mails to this company through AOL and Hotmail accounts.
Frankly I have no confidence in the complaint system of either AOL or Hotmail to even reply to the complaint other than the automated "We have received your complaint" message.....
Additionally, the way this person is "moving around" implies to me that a blocked account will be no problem and a new one will pop up from somewhere..... I need the little #$%^& to make a mistake.... Unfortunately, I'm not sure (s)he will...... <sigh>
[EDIT]
Soul: Yep.... You have it down pat.... That's the situation.... I'm trying my best bet right now which is to try to start a conversation with the "perp" to see if we can narrow down the possibilities. Probably won't get much from it but I'm running out of ideas....
[/EDIT]
I would still contact them. But not via email necessarily. I'd call and find someone to speak to. I don't think they are going to take to it too kindly that someone is using their servers this way. They may be able to watch for certain patterns and perhaps find the answer. At worst, you'll get no response. At best, they might help you.
Ms. M:
Yeah, it's a "weapon in the arsenal" but now we are dealing with AOL/Netscape and Hotmail..... They are getting a little desperate there, (it's not my company, it's a small eCommerce company that has some minor "skeletons" in their closet dating back to the dot.com era)..... Too much to explain but it is causing them some grief that is probably undeserved and it needs to be fixed quickly for the sanity of those involved..... That's why I was asked to help...... It peeves the crap out of me that, at this point.... I can't!!!! :mad: And by the time AOL/Netscape and Hotmail actually produce we'll all be dead and buried.... ;)
In the email you're sending the perp, use an HTML format and embed a 1 pixel transparent graphic located on your webserver. Title the msg "how much do you want?" on the remote chance that it will actually be read. You can then grep your wwwlogs for the name of the gif or whatever and see what IP d/l'ed it. It's a long shot but what the hay
Tedob1: That's a great idea. I would send the email to every account that they have sent from thus far. (pixel included) If you get more emails from different accounts, then send to those accounts too. Since they are using web based clients, they won't find the "bug" until it's too late.
If they are going to slip up, it's probably going to be them reading the email, rather than them sending the email. Hopefully, they will check the mail from their real IP, since it will be faster.
Also, if you can determine which proxies they like to use, try to contact the admins of the proxies and see if you can get any info from their logs. Give them time and date and see if you can get snippets of the logs from around the same time the mail was sent.
It is also possible that they are proxy chaining... which will lead you to yet another proxy.
Same process. Contact admin and see if you can get logs.
Most admins will probably give you the info you want. It doesn't compromise any of their security... they don't have any in place... They'd probably also like to know that they goofed and have a compromised host or misconfigured proxy.
I'd try to contact those admins ASAP so they don't kill their logs before you get to them.
If they even have logging enabled or even check their logs...
Trying to strike up a "relationship" with this person is a good idea too. Just don't let on that you know too much... play dumb. But within reason. The dumber they think you are, the more likely they are to slip up.
AOL mail has a pop up that says, "Do you know who sent you this image?", but other email accounts might not. So if that warning comes up with whatever email accounts they use, maybe you would want to consider not sending it to that account, it would ruin the whole 1 pixel transparent thing idea, because they will know it's there. Honestly, you all know better than I do, that's for sure. Sounds like a cool idea. It's like Batman.
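The log check suggested earlier in the thread (grep the web logs for the image name and see which IP fetched it), written out as an added example that is not from any of the posters. It assumes the server writes Apache/nginx "combined" format logs; the image path and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" log line: ip, identd, user, [time], "request",
# status, bytes, then optionally "referer" and "user-agent".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

BEACON_PATH = "/img/t-7f3a.gif"  # hypothetical name of the 1-pixel image

# Constructed sample log (documentation-range addresses, made-up times).
SAMPLE_LOG = """\
203.0.113.45 - - [12/Mar/2003:21:14:07 -0500] "GET /img/t-7f3a.gif HTTP/1.0" 200 43 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
198.51.100.9 - - [12/Mar/2003:21:15:30 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.45 - - [12/Mar/2003:21:40:52 -0500] "GET /img/t-7f3a.gif?x=1 HTTP/1.0" 200 43 "http://mail.example/inbox" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.77 - - [13/Mar/2003:02:03:11 -0500] "GET /img/t-7f3a.gif HTTP/1.1" 304 0 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
malformed line that should be skipped
"""


def beacon_hits(log_text, path=BEACON_PATH):
    """Map each client IP to the (timestamp, status, user-agent) tuples
    of its requests for the image, ignoring any query string."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        if m["path"].split("?", 1)[0] != path:
            continue  # some other resource
        hits[m["ip"]].append((m["ts"], m["status"], m["agent"] or ""))
    return dict(hits)


if __name__ == "__main__":
    for ip, rows in beacon_hits(SAMPLE_LOG).items():
        print(ip, len(rows), "request(s)")
        for ts, status, agent in rows:
            print("   ", ts, status, agent)
```

The address logged is only the last hop that fetched the image, so it may again be a proxy. The timestamps are what you would hand to a proxy admin when asking for matching log snippets.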