3. Intruders spamming network through internal addresses

The no. 3 Ask the Expert question of 2002, based on page views.

 

 

An unknown intruder has been able to spam our network and send users to pornography sites. I don't know how the intruder got my company's internal addresses. The e-mail appears to be sent to ourselves as "data@xxx.xxxxx.xxx," where "xxx.xxxxx.xxx" is the name of any organization. There is no mailbox in our network called "data." Further, there appears to be nothing outstanding within the headers or components of the messages. We're stumped. Do you have any idea how the intruder is doing this?

This question posed on 19 June 2002

This sounds like one of the fun Klez-like worms that have been making the rounds of the Web in recent months. Nasty buggers that spoof their "From" headers and proliferate their destinations from the Address Books and even entire hard drives of their unfortunate victims. Some simply deliver a mass-mailer payload, while others exhibit the behavior you describe of directing users to pornographic Web sites. The best technical explanations of the inner workings of e-mail viruses ("how the intruder is doing this") can be found at www.sarc.com, or at the vendor site for Symantec, Network Associates, etc.

As is the case with any e-mail-borne virus, your first and best line of defense is a properly-functioning and frequently-updated antivirus program. Further, if you are maintaining your own e-mail server, ensure that your message transit agents (MTAs) are sufficiently configured to NOT allow spam or mail-relaying. This is a good practice to follow even if you weren't facing this difficulty.

Using MS Exchange as an example, the Exchange Internet Mail Service must be manually configured to "reject any e-mail message that does not have a valid recipient on this server." It's a quick configuration to make, but one that must be manually set nonetheless. If your e-mail is outsourced to an external provider, call them up and bug them to ensure that they are doing likewise.

Click here to read more of Laura Hunter's answers to network management questions or ask her a question.
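The two MTA checks recommended in the answer above (refuse mail for recipients that have no mailbox, and refuse to relay for outside hosts), written out as the decision a mail server makes for each RCPT TO command. This is an added example, not code from the original answer and not Exchange's implementation; it also goes one step further by flagging mail whose envelope sender claims the local domain but arrives from an external host, the pattern described in the question. The domain, mailboxes, networks and function names are constructed for illustration.

```python
import ipaddress

# Constructed values for illustration; none come from the original page.
LOCAL_DOMAINS = {"example.com"}
VALID_MAILBOXES = {"alice@example.com", "bob@example.com"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def is_trusted(client_ip):
    """True when the connecting client is on an internal network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in TRUSTED_NETS)


def domain_of(address):
    """Lower-cased domain part of an address ('' if there is none)."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def rcpt_decision(client_ip, mail_from, rcpt_to):
    """Return (smtp_code, reason) for one RCPT TO command."""
    rcpt = rcpt_to.strip().lower()
    if domain_of(rcpt) in LOCAL_DOMAINS:
        # Inbound mail: refuse recipients that do not exist instead of
        # accepting the message and dealing with it later.
        if rcpt not in VALID_MAILBOXES:
            return 550, "5.1.1 no such mailbox"
        # Envelope sender claims our own domain, but the client is outside:
        # typical of worm or spam mail with a forged sender.
        if domain_of(mail_from) in LOCAL_DOMAINS and not is_trusted(client_ip):
            return 250, "accepted, flag: internal sender from external host"
        return 250, "accepted"
    # Recipient is elsewhere: relay only for internal clients.
    if is_trusted(client_ip):
        return 250, "accepted for relay"
    return 550, "5.7.1 relaying denied"


# Constructed SMTP transactions: (client IP, MAIL FROM, RCPT TO).
SAMPLES = [
    ("203.0.113.7", "data@example.com", "data@example.com"),
    ("203.0.113.7", "bob@example.com", "alice@example.com"),
    ("203.0.113.7", "x@elsewhere.test", "victim@other.test"),
    ("10.1.2.3", "alice@example.com", "friend@other.test"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", rcpt_decision(*sample))
```

The first sample mirrors the question: mail addressed to a nonexistent "data" mailbox is refused at RCPT time rather than accepted and delivered or bounced later.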
