Exercise: Email Spoofing Christopher Harrison, Auburn University
Overview • What is Email Spoofing • Types of Spoofing • Identifying Spoofed Emails • Understanding Email Headers • Conclusion
What is Email Spoofing • Due to the lack of authentication in the email protocol (SMTP), attackers and spammers can easily obfuscate the origin of their email. • Attackers use spoofed email messages to propagate viruses, Trojans, and worms. Criminals use them for phishing schemes.
Types of Email Spoofing • Open Mail Relay (misconfigured server) • Self-Owned Mail Servers • Compromised Machines • Hijacked Email Accounts • Temporary Accounts
Exercise: Spoofing Email • Type the following into the command line • startx • Then hit ‘enter’
Exercise: Spoofing Emails • Click the Terminal at the bottom left of the screen and type the the following: • cd /etc/init.d/ • sendmail start
Exercise: Spoofing Emails • Open a second Terminal keeping the first open and type: • sendmail
Exercise: Email Spoofing • Open a third Terminal keeping the other two open and type: • telnet 127.0.0.1 25
Exercise: Email Spoofing • In the same terminal as before, type: • helo 127.0.0.1 • mail from: <email@example.com> • rcpt to: <firstname.lastname@example.org> • data • date: thu 13 Sept 2012 • subject: Class Cancelled • Class has been cancelled tomorrow. • .
Exercise: Email Spoofing • Go to Start Menu in the bottom-left, click on internet then firefox. • Go to your email provider and type in your credentials and the email should be there.
Identifying Spoofed Email • There are a number of telltale signs that may indicate an email is not legitimate. All of them involve interpreting a message’s headers.
Understanding Email Headers • Headers are added when the email is handled by different parties. Understanding headers is necessary to identifying and tracing spoofed email.
Conclusion • Threat of Email Spoofing • Types • Detecting and Identifying