Faked IP Question

iMax

Is it possible to "fake" an IP address ?

I've been recieving some hotmail emails from I suspect, someone I know, to work. The only thing is the IP address they're coming from is from my company. The person I suspect is sending them is based in Australia & I have an idea is trying to stitch me up somehow. Could he fake where IP address to make it appear as if they're coming from inside my company ?

There's VNC installed across the network. If this was the case would it be possible for someone (assuming they knew where I worked) to be able to take control of a system and use it to send mail or relay mail ?

I've only started in this place & this guy has made a lot of trouble for me in the past, I really don't want to have to explain things to my new employer.

shabbyroad

Just delete the emails.
If they're threatening or some sort of harrassment then forward them to your HR & IT people. The sender will have bigger problems on their hands in that event...

Bogger77

Talk nicely to people in your IT department, get the email address put on the black list, so all mail from them will be refused at the mail server, or ask that they send back a dummy "user unknown" to this guys mail address and then blacklist it.

ressem

There's a few gaps about the IT setup you have so I've a few assumptions here.

"Is it possible to fake an ip address?"
As in, to fake the source and initial relays of the mail header, yes. As in, to lie to the company firewall about the source ip of the smtp connection, yes, but less likely.

"The only thing is the IP address they're coming from is from my company"

Are you gathering this information from the header of the mail? Is the source ip an internal (192.168.x.x, 10.x.x.x or the like) or external one? Are there any external relays listed between sending and your company mail server receiving?

Just to check, you do know that internal IPs can be the same for companies or just broadband users behind NAT routers.

And you're sure that the mails aren't mass market spam sent by a trojan that might be sitting on a laptop somewhere? They're definitely targeted at you?
Searching for recognisable strings on google might show that there's an automated known cause.

VNC installed across the network being used to send mail? Possible, but unlikely. VNC should not allowed through the firewall, and should not be running as an internet available service. In which case a machine would have to be compromised in another way, tresspassing, trojan, exploited server.

If your IT people are approachable, and you ask nicely then they should have access to SMTP logs and firewall logs, which will tell whether SMTP traffic is leaving the company from that machine. (Should all leave through the mail server), and from where the unwanted mail is being relayed, if you give them the mail header.

Zenith74

The only thing is the IP address they're coming from is from my company.

I've just sent a test email to myself to confirm this; the header of a message from somebody using Hotmail doesn't show their IP because it's web based (assuming their using it web based), so the IP address you're seeing is probably something else. Maybe you could post some of the header?

You can always see things happening when somebody gets onto your PC over VNC and the icon turns black, though I suppose he could be doing it at night though if you don't turn your PC off. Unlikely though I'd say!