While performing email footprinting on ExampleCorp, you examine the full header of a message allegedly sent by an internal employee. The excerpt reads:
Received: from mail.edge.example.com (203.0.113.12) by mx.google.com with ESMTPS id XYZ Received: from WS-ACCT-7.internal.example.com (10.20.5.37) by mail.edge.example.com with ESMTP id ABC
Which IP address most likely belongs to the employee's originating workstation and can reveal ExampleCorp's internal addressing scheme?
SMTP servers add a new Received: header at the top of the header block every time they relay a message. Because each server prepends (rather than appends) its own entry, the bottom-most Received line is the oldest and shows where the message first entered the SMTP chain. In this header, the lowest (second) Received line records that host "WS-ACCT-7.internal.example.com" at IP 10.20.5.37 handed the message to the corporate edge server. That 10.20.5.37 address is therefore the sender's workstation on the internal network and, being an RFC 1918 private address, it discloses part of ExampleCorp's internal IP schema. The address 203.0.113.12 is the public edge mail gateway, while 8.8.8.8 and 192.0.2.25 are unrelated distractor addresses.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the significance of RFC 1918 private addresses?
Open an interactive chat with Bash
How do SMTP headers help in email footprinting?
Open an interactive chat with Bash
Why is the oldest Received header critical in tracing email origin?
Open an interactive chat with Bash
What is the significance of private IP addresses like 10.20.5.37?
Open an interactive chat with Bash
How does the SMTP 'Received' header help trace email origin?
Open an interactive chat with Bash
What does RFC 1918 specify, and why is it relevant to internal IP addresses?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Reconnaissance Techniques
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .