Firewall Wizards mailing list archives

Re: To spoof or not to spoof???? That is the question....


From: "Kevin Sheldrake" <kev () electriccat co uk>
Date: Fri, 30 Jul 2004 11:52:08 +0100

Hello

Long time since I've been here; I've changed company twice...

This is about email spoofing. A long time back, this
email address of mine was spoofed or at least being
used to send malicious worms, beagle variant.
<SNIP>

I was just wondering why this happened again? I am
sure that this is not due to my present configuration
as this problem happened in the past and besides, I
followed all the suggestions from this group on how to
secure both my Linux box, my home networked PCs and
my hardware router.

A number of current viri tend to spoof the source address when spreading to mask the source of the infection. This is done by picking an address from the address book on the infected machine/user environment. It's likely that someone who has your address in their address book has been infected. You can't really do much about it.

Since this has happened again, I have decided to use
gnupg for all my machines in the future. However, I am
just curious as to how this has happened?

Doesn't gnupg (or any PGP variant) require that your recipients use a PGP variant and that you have a copy of their public key? Could be difficult convincing all your friends to do so.

<SNIP>
The only thing that I may know right now is, when I
made an online purchase for a product.... though I
went into a site that is secure as it is a https
site... I think, someone may have intercepted some of
my packets and sniffed their way through. Or unless
otherwise...

Erm, while sniffing HTTPS packets is not impossible, it would most likely need to be done by someone local to your LAN. Dissecting HTTPS usually requires an active attack and active filtering. See http://ettercap.sourceforge.net

Kev



--
Kevin Sheldrake MEng MIEE CEng CISSP
Electric Cat (Bournemouth) Ltd