Feb 2, 2009

IP SPOOFING ATTACKS: DESCRIPTION

The first vulnerability, spoofing IP packets, allows an intruder on the Internet to effectively impersonate a local system's IP address. If other local systems perform session authentication based on the IP address of a connection (e.g. rlogin with .rhosts or /etc/hosts.equiv files under Unix), they will believe incoming connections from the intruder actually originate from a local "trusted host" and will not require a password. This technique is especially damaging when root connections are permitted with no password.
Services that are vulnerable to forged IP packets include:
• SunRPC & NFS
• BSD Unix "r" commands, including rlogin
• Services secured by TCP Wrappers using source address access control
• X Windows

It is possible for forged packets to penetrate firewalls based on filtering routers if the router is not configured to block incoming packets with source addresses in the local domain. It is important to note that this attack is possible even if no session packets can be routed back to the attacker. Note also that this attack is not based on the source routing option of the IP protocol.
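The defence the paragraph above points at is ingress filtering at the border router: a packet arriving on the external interface can never legitimately carry a source address from the local domain, and because the filter only looks at the source address of each incoming packet, it works even when no reply packets can reach the attacker. The following is an added example, not code from the original advisory or this post; it models that router rule in Python. The local network (192.0.2.0/24), the remote addresses and the sample packets are constructed from documentation ranges for this demo, and the egress rule (drop outbound packets that do not carry a local source) goes slightly beyond the text, as the symmetric check that keeps the site from being used to spoof someone else.

```python
"""Toy ingress/egress filter against IP source-address spoofing.

Added example (not part of the original post). LOCAL_NETWORKS and the
SAMPLE_PACKETS below are constructed from documentation address ranges.
"""
import ipaddress
from dataclasses import dataclass

# Address blocks this site owns. A packet that claims one of these as its
# source must never arrive from the outside. (Constructed for this example.)
LOCAL_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Sources that are never legitimate on the wire, on any interface.
BOGON_NETWORKS = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("0.0.0.0/8"),
]


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "external" or "internal"
    src: str     # source address as written in the IP header
    dst: str     # destination address


def _in_any(addr: str, networks) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def filter_decision(pkt: Packet) -> str:
    """Return "drop" or "accept" for one packet.

    Rule 1 (ingress): a packet arriving from outside must not carry a local
    source address; that is exactly the forged packet the advisory describes.
    Rule 2 (egress): a packet leaving from inside must carry a local source
    address, so this site cannot be used to spoof a third party.
    Rule 3: bogon sources are dropped on any interface.
    """
    if _in_any(pkt.src, BOGON_NETWORKS):
        return "drop"
    src_is_local = _in_any(pkt.src, LOCAL_NETWORKS)
    if pkt.iface == "external" and src_is_local:
        return "drop"   # forged "trusted host" arriving from the Internet
    if pkt.iface == "internal" and not src_is_local:
        return "drop"   # one of our own hosts spoofing an outside address
    return "accept"


def apply_filter(packets):
    """Run every packet through the rule set; returns [(packet, decision), ...]."""
    return [(p, filter_decision(p)) for p in packets]


# Constructed sample traffic covering each rule.
SAMPLE_PACKETS = [
    Packet("external", "198.51.100.7", "192.0.2.10"),    # genuine remote client
    Packet("external", "192.0.2.5", "192.0.2.10"),       # forged local source
    Packet("internal", "192.0.2.10", "198.51.100.7"),    # normal outbound reply
    Packet("internal", "203.0.113.9", "198.51.100.7"),   # insider spoofing outward
    Packet("external", "127.0.0.1", "192.0.2.10"),       # bogon source
]

if __name__ == "__main__":
    for pkt, decision in apply_filter(SAMPLE_PACKETS):
        print(f"{decision:6s} iface={pkt.iface:8s} src={pkt.src:14s} dst={pkt.dst}")
```

Running the block prints one line per sample packet; the second packet, which arrives from outside with a source inside 192.0.2.0/24, is the forged "trusted host" packet and is dropped without the router ever needing to see a reply. On a real router the same rule is expressed as an access list on the external interface that denies any source inside the site's own prefixes.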
How did they get my address?
Most spammers get your address by buying lists from other spammers. But how did someone get it in the first place? Often when you give your address to websites that you visit. Some of these sites pass your address on to other sites, who pass it on in turn. More often, your address is "scraped" from the webpage where it appears, for example in your user profile. If you can see it online, so can the spammers.
They can also get it by harvesting your address from chain messages -- you know -- the ones that have Fw: Fwd: Cute Joke (or whatever) as their Subject. Some people don't know how to forward messages without sending the whole "To:" list to everybody on the list. Eventually one of those messages lands in the web (pun intended) of some spammer. Tell your friend, "Please take me off your humor distribution list," or at least please follow the advice below:
"If you want to forward jokes and stuff properly, put all the "Fwd" addresses in the "Blind Copy" (BCC) line, not in the "To" line so that each recipient gets their own private message, with none of the other addresses in it. Also, it would be polite to edit the original message so that all the previous addresses are removed." See the tutorial by Somewhere in Time to learn more about how to "forward" properly using "BCC".
Spammers also simply guess email addresses. How hard would it be to guess Robert87639@aol.com? It simply follows Robert 87638. Spammers can easily try all these common combinations. It doesn't take much effort with high speed computers doing the work. If you respond in anger, or even to "unsubscribe", they know they've hooked a live one.
Some spam doesn't even need your email address. This spam uses the Messenger "service" in Windows (not to be confused with Windows Messenger). It just pops up without warning in the middle of what you're doing. You can use a firewall to stop Messenger spam in Windows 98, or you can reconfigure your NetBIOS networking -- something you should do for security anyway. You can disable the Messenger service in Windows XP, 2000 and NT to stop it.
