Re: Working on Data
Tom,
Bottom line is that people who do what you are doing and care a lot
about security use "three legged" or multiple firewalls and set up
what they call a "DMZ". Most people with as many computers as
you have also have staff to run them.
Email is so easy to send that I could
log into mike, fire up an editor, type in a few lines of perl
and then run the perl script and it could send out loads of email.
You need a much more complex and sophisticated firewall to
prevent or monitor this.
I use something called "shorewall" which runs on Linux
and have retired my Linksys box. The learning curve is about 10X
greater but no worse than using a commercial firewall from Cisco.
http://www.shorewall.net/
shorewall uses the same concepts as Cisco. You divide up "the
network" into segments and assign the segments names like "the
internet", "the DMZ", "my secure network", "my kids room",
"wireless devices" and
then you define rules governing what kinds of data can cross
between the network segments. The Linksys Router implements only
the simple case of two network segments "the Internet" and "my
house" and only lets you define a few simple rules. shorewall
fully generalizes the concept and allows things like policy to be
used if there is no rule and allows for exceptions and fine control
over logging.
Normally e-mail, both inbound and outbound, is logged if the normal mail
system is used. But a sophisticated spammer would run his own e-mail
program that does not log.
Sending e-mail from mike and not having it logged is trivial and can be
done without even using software as you can type the SMTP protocol
directly from the keyboard. All you need to do is telnet to a
mail server's port 25 and type in the correct gibberish. That method
takes forever but one could write a simple perl script to speed things
up. For example I can connect to a local mail server by typing
"telnet rush 25"; when it answers I type "helo wi792". I could
continue the dialog and actually send an e-mail. I use this
method to test out mail servers that I manage. If you don't know
what gibberish to type, most mail servers will respond to the "help"
command.
Here is a transcript of the above (my PC is "wi792" and the server
is "rush"):
wi792:~>telnet rush 25
Trying 130.221.24.10...
Connected to rushg.aero.org.
Escape character is '^]'.
220 rushe.aero.org ESMTP Sendmail 8.11.7p1+Sun/8.11.7; Mon, 25 Oct 2004 16:03:33 -0700 (PDT)
helo foobar
250 rushe.aero.org Hello wi792.aero.org [130.221.27.141], pleased to meet you
help
214-2.0.0 This is sendmail version 8.11.7p1+Sun
214-2.0.0 Topics:
214-2.0.0 HELO EHLO MAIL RCPT DATA
214-2.0.0 RSET NOOP QUIT HELP VRFY
214-2.0.0 EXPN VERB ETRN DSN
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation contact Sun Microsystems
214-2.0.0 Technical Support.
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info
--- droege@snapmail.us wrote:
> If you plan to do significant work on mike or matt, please have me
> give you a login name and password.
>
> At the moment, I see someone working away on mike using tom. I don't
> know if this is proper or not. If I don't know what you are doing, I
> might just dump you off.
>
> The last thing I want is someone using these computers to send out
> spam.
>
> Someone might tell me how to monitor outgoing mail messages so that I
> can be sure this is not happening.
>
> Tom Droege
>
>
=====
Chris Albertson
Home: 310-376-1029 chrisalbertson90278@yahoo.com
Cell: 310-990-7550
Office: 310-336-5189 Christopher.J.Albertson@aero.org
KG6OMK
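
An added example, not part of the original message: one way to monitor for mail that bypasses the normal mail system's logs is to have the firewall log forwarded connections to TCP port 25 and flag any internal host other than the designated mail relay. The log lines below are constructed in the style of Linux netfilter LOG output with a Shorewall-style prefix; the network range, relay address and host addresses are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumptions for this example: the internal network and the one mail relay
# that is allowed to open SMTP connections to the Internet.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
ALLOWED_RELAYS = {ipaddress.ip_address("192.168.1.10")}

# Constructed sample lines in the style of Linux netfilter LOG output.
SAMPLE_LOG = """\
Oct 25 16:03:33 fw kernel: Shorewall:loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.25 PROTO=TCP SPT=40112 DPT=25 SYN
Oct 25 16:04:01 fw kernel: Shorewall:loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.44 DST=198.51.100.7 PROTO=TCP SPT=51822 DPT=25 SYN
Oct 25 16:04:02 fw kernel: Shorewall:loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.44 DST=198.51.100.9 PROTO=TCP SPT=51823 DPT=25 SYN
Oct 25 16:04:05 fw kernel: Shorewall:loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.44 DST=198.51.100.7 PROTO=TCP SPT=51830 DPT=80 SYN
Oct 25 16:05:10 fw kernel: Shorewall:net2loc:ACCEPT:IN=eth0 OUT=eth1 SRC=203.0.113.80 DST=192.168.1.10 PROTO=TCP SPT=33010 DPT=25 SYN
"""

# KEY=value pairs as written by the kernel LOG target (value may be empty).
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def direct_smtp_senders(log_text):
    """Count outbound TCP/25 connections per internal host that bypass the relay."""
    hits = Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != "25":
            continue
        try:
            src = ipaddress.ip_address(f.get("SRC", ""))
            dst = ipaddress.ip_address(f.get("DST", ""))
        except ValueError:
            continue  # malformed or truncated line
        outbound = src in INTERNAL_NET and dst not in INTERNAL_NET
        if outbound and src not in ALLOWED_RELAYS:
            hits[str(src)] += 1
    return hits

if __name__ == "__main__":
    for host, count in direct_smtp_senders(SAMPLE_LOG).most_common():
        print(f"{host}: {count} direct SMTP connection(s) not via the relay")
```

This only sees connections the firewall actually logs, so the rule that permits or rejects outbound port 25 has to have logging enabled.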