1) Simple Mail Transfer Protocol (SMTP port-25)
2) Post Office Protocol (POP port-110)
E-Mail hacking consists of various techniques as discussed below.
1) E-Mail Tracing :- Generally, the path taken by an e-mail while travelling from sender to receiver can be explained by following diagram.
The most effective and easiest way to trace an e-mail is to analyze it's e-mail headers. This can be done by just viewing the full header of received e-mail. A typical e-mail header looks something like this:
====================================================================
From Barr Thu Jan 3 05:33:26 2008
X-Apparently-To: prasannasherekar@yahoo.co.in via 203.104.16.34; Thu, 03 Jan 2008 05:25:38 +0530
X-YahooFilteredBulk: 189.160.34.89
X-Originating-IP: [189.160.34.89]
Return-Path:
Authentication-Results: mta113.mail.in.yahoo.com from=destatis.de; domainkeys=neutral (no sig)
Received: from 189.160.34.89 (HELO dsl-189-160-34-89.prod-infinitum.com.mx) (189.160.34.89) by mta113.mail.in.yahoo.com with SMTP; Thu, 03 Jan 2008 05:25:38 +0530
Received: from dvapa ([141.203.33.92]) by dsl-189-160-34-89.prod-infinitum.com.mx with Microsoft SMTPSVC(6.0.3790.0); Wed, 2 Jan 2008 18:03:26 -0600
Message-ID: <477c264e.3000604@destatis.de>
Date: Wed, 2 Jan 2008 18:03:26 -0600
From: "Barr"
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: prasannasherekar@yahoo.co.in
Subject: angel rubberneck
Content-Type: multipart/related; boundary="------------030604060204000701040304"
Content-Length: 16433
====================================================================
a) Sender's e-mail address :- atiles@destatis.de
b) Source IP address :- 141.203.33.92
c) Source mail server :- dsl-189-160-34-89.prod-infinitum.com.mx
d) E-mail client :- Thunderbird 2.0.0.6
 | There are lots of ready-made tools available on the internet which performs e-mail tracing very effectively and shows exact geographical location for e-mail sender on the world map. |
Recommended Tools | |
NeoTrace | http://www.neotrace.com |
VisualRoute | http://visualroute.visualware.com |
E-MailTracker | http://www.visualware.com |
2) E-Mail Forging :- E-mail forging allows an attacker to disguise the source of an e-mail and send it to the victim. Most attackers use this technique to fool the victim into believing that somebody else has send the particular e-mail.
The SMTP protocol makes it extremely easy for an attacker to send forged e-mails to a remote user.
Typically an attacker carries out e-mail forging by following steps:
1) Start Command Prompt and type the following command-
c:/>telnet smtp.mailserver.com 25 or c:/>telnet mail.domain.com 25
example:- c:/>telnet smtp.gmail.com 25
The above command opens a telnet connection to the specified remote mail server on port-25. Where port-25 is the default SMTP port on which outgoing mail daemon runs.
2) Once you are connected to the mail daemon of remote mail server, you would be greeted with a message similar to following:-
If you are not familiar with the smtp mail daemon commands then enter the keyword 'help' at daemon which may reveal all the supporting commands as shown below.
3) The correct sequence of commands to be executed is:-
a) helo mailserver1.com
b) mail from:abc@mailserver1.com
c) rcpt to:xyz@mailserver2.com
d) data
e) .(dot command represents end of mail body)
This all as shown in figure below:
| | E-Mail forging by this technique does not possible, if mail relying is disabled by it's service provider. |
3) Spam :- Every e-mail account and network on the internet has limited space and bandwidth. This means that if an attacker is able to clog up all the inbox space and bandwidth of the target computer, it could cause lot of inconvenience and unnecessary trouble. Spam e-mails have slowly but surely started clogging up the bandwidth on the internet and the memory space in our inboxes.
MailBombing:- Mailbombing is a technique wherein the attacker floods victim's e-mail account with an extremely large (sometimes infinite) number of unsolicited meaningless e-mails. Two different types of mailbombing are-
a) Mass Mailbombing
b) List Linking Mailbombing
No comments:
Post a Comment