
146    Chapter 3 • Communication Security: Remote Access and Messaging

                  5. Type in a fake “from” address in the format of mail from:
                      spam@spamguy.com. The e-mail server will respond with the “Sender
                      OK” response.
                  6. Type rcpt to: fakeuser@myserver.com. The server should respond with
                      “unable to relay for fakeuser@myserver.com.” If not, your server can be
                      used for SMTP relay.

                 If your e-mail server does not respond with the “unable to relay” notification,
             go back through the configurations to make sure the necessary steps were taken to
             prevent relaying.
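
Steps 5 and 6 can be scripted so the relay check is repeatable after every configuration change on a server you administer. This is an added example, not code from the book; the function names, the HELO name and the localhost stub server (which stands in for a real mail server so the script runs offline) are constructed for illustration.

```python
import smtplib
import socket
import threading


def relay_test(host, port=25, sender="spam@spamguy.com",
               recipient="fakeuser@myserver.com", timeout=10):
    """Replay steps 5 and 6; return (relay_open, code, reply) for RCPT TO."""
    with smtplib.SMTP(host, port, local_hostname="relaytest.invalid",
                      timeout=timeout) as smtp:
        smtp.helo()                          # constructed HELO name, no DNS lookup
        code, reply = smtp.mail(sender)      # step 5: expect 250 "Sender OK"
        if code != 250:
            raise RuntimeError(f"MAIL FROM rejected: {code} {reply!r}")
        code, reply = smtp.rcpt(recipient)   # step 6: expect a 5xx refusal
        smtp.rset()                          # abandon the transaction; no mail is sent
    # A 2xx reply to RCPT TO means the server accepted the recipient for relay.
    return 200 <= code < 300, code, reply.decode(errors="replace")


def start_stub_server(relays):
    """Constructed one-connection SMTP stub on localhost; returns its port."""
    listener = socket.create_server(("127.0.0.1", 0))
    port = listener.getsockname()[1]
    rcpt = b"250 OK" if relays else b"550 5.7.1 Unable to relay for fakeuser@myserver.com"
    replies = {b"HELO": b"250 stub", b"MAIL": b"250 Sender OK", b"RCPT": rcpt,
               b"RSET": b"250 OK", b"QUIT": b"221 bye"}

    def serve():
        conn, _ = listener.accept()
        with conn, conn.makefile("rb") as lines:
            conn.sendall(b"220 stub ready\r\n")
            for line in lines:
                verb = line[:4].upper()
                conn.sendall(replies.get(verb, b"500 unknown") + b"\r\n")
                if verb == b"QUIT":
                    break
        listener.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    for relays in (False, True):
        port = start_stub_server(relays)
        print(relays, relay_test("127.0.0.1", port))
```

To check a real server, call `relay_test` with its host name instead of the stub; a first element of `True` means the relay restrictions need to be revisited.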


                Head of the Class...

                Spam and SMTP Relay
                Later in this chapter, you will read about unsolicited e-mails known as
                spam. Many times, companies that use spam (those selling illegal goods,
                pyramid schemes, pornography Web sites, or other unsolicited products)
                search the Internet for SMTP servers that do not restrict SMTP relay
                services. When they find an e-mail server that is not restricted, they exploit
                that server to distribute spam e-mails to the connected world.
                     Many large companies have e-mail administrators who manage
                e-mail servers. If the e-mail administrator of one company is given the
                address or domain of another company’s e-mail server as a potential
                spam distributor, the other administrator will block all incoming e-mail
                from that company. “Black hole” software is available that contains a list
                of exploited SMTP relay servers.



             Spoofing

             Spoofing is the forging of attributes within an e-mail, particularly the “From” field
             in the message header. This type of attack, which typically comes from spammers but
             can also be generated by a virus, is particularly offensive because rules set in very
             basic spam-filtering appliances and mail servers can block mail from everyone but
             “trusted” users, or users on the same domain. When a message is spoofed, users may
             simply assume the message is valid and then become victims of an attack.
                 Behind the scenes, a spoofing attack really is a matter of getting around DNS
             and mail server security. Messages are sent with either inaccurate IP or inaccurate
             DNS information. Recursive checks at the firewall/DNS server can assist in lowering
             the number of successful spoofing attempts by validating that the sending domain and
             IP given are representative of the true source.




          www.syngress.com