Exercise: Email Spoofing - PowerPoint PPT Presentation

remedy
exercise email spoofing n.
Skip this Video
Loading SlideShow in 5 Seconds..
Exercise: Email Spoofing PowerPoint Presentation
Download Presentation
Exercise: Email Spoofing

play fullscreen
1 / 14
Download Presentation
Exercise: Email Spoofing
239 Views
Download Presentation

Exercise: Email Spoofing

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Exercise: Email Spoofing Christopher Harrison, Auburn University

  2. Overview • What is Email Spoofing • Types of Spoofing • Identifying Spoofed Emails • Understanding Email Headers • Conclusion

  3. What is Email Spoofing • Due to the lack of authentication in the email protocol (SMTP), attackers and spammers can easily obfuscate the origin of their email. • Attackers use spoofed email messages to propagate viruses, Trojans, and worms. Criminals use them for phishing schemes.

  4. Types of Email Spoofing • Open Mail Relay (misconfigured server) • Self-Owned Mail Servers • Compromised Machines • Hijacked Email Accounts • Temporary Accounts

  5. Exercise: Spoofing Email • Type the following into the command line • startx • Then hit ‘enter’

  6. Exercise: Spoofing Emails • Click the Terminal at the bottom left of the screen and type the the following: • cd /etc/init.d/ • sendmail start

  7. Exercise: Spoofing Emails • Open a second Terminal keeping the first open and type: • sendmail

  8. Exercise: Email Spoofing • Open a third Terminal keeping the other two open and type: • telnet 127.0.0.1 25

  9. Exercise: Email Spoofing • In the same terminal as before, type: • helo 127.0.0.1 • mail from: <professor@auburn.edu> • rcpt to: <youremailaddress@yourprovider.com> • data • date: thu 13 Sept 2012 • subject: Class Cancelled • Class has been cancelled tomorrow. • .

  10. Exercise: Email Spoofing • Go to Start Menu in the bottom-left, click on internet then firefox. • Go to your email provider and type in your credentials and the email should be there.

  11. Identifying Spoofed Email • There are a number of telltale signs that may indicate an email is not legitimate. All of them involve interpreting a message’s headers.

  12. Understanding Email Headers • Headers are added when the email is handled by different parties. Understanding headers is necessary to identifying and tracing spoofed email.

  13. Conclusion • Threat of Email Spoofing • Types • Detecting and Identifying

  14. Questions?