Firewall Wizards mailing list archives
Re: To spoof or not to spoof???? That is the question....
From: "Kevin Sheldrake" <kev () electriccat co uk>
Date: Fri, 30 Jul 2004 11:52:08 +0100
Hello Long time since I've been here; I've changed company twice...
This is about email spoofing. A long time back, this email address of mine was spoofed or atleast being used to send malicious worms, beagle variant. <SNIP> I was just wondering why this happened again? I am sure that this is not due to my present configuration as this problem happened in the past and besides, I followed all the suggestions from this group on how to secure both my linux box, my home networked PC's and my hardware router.
A number of current viri tend to spoof the source address when spreading to mask the source of the infection. This is done by picking an address from the address book on the infected machine/user environment. It's likely that someone who has your address in their address book has been infected. You can't really do much about it.
Since this has happened again, I have decided to use gnupg for all my machines in the future. However, I am just curious as to how this has happened?
Doesn't gnupg (or any PGP varient) require that your recipients use a pgp varient and that you have a copy of their public key? Could be difficult convincing all your friends to do so.
<SNIP> The only thing that I may know right now is, when I made an online purchase for a product.... though I went into a site that is secure as it is a https site... I think, someone may have intercepted some of my packets and sniffed their way through. Or unless otherwise...
Erm, while sniffing HTTPS packets is not impossible, it would most likely need to be done by someone local to your LAN. Dissecting HTTPS usually requires an active attack and active filtering. see http://ettercap.sourceforge.net
Kev -- Kevin Sheldrake MEng MIEE CEng CISSP Electric Cat (Bournemouth) Ltd _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- To spoof or not to spoof???? That is the question.... InHisGrip (Jul 29)
- Re: To spoof or not to spoof???? That is the question.... Jim Seymour (Jul 30)
- Re: To spoof or not to spoof???? That is the question.... Matt Dunn (Jul 30)
- Re: To spoof or not to spoof???? That is the question.... Kevin Sheldrake (Jul 30)
- <Possible follow-ups>
- Re: To spoof or not to spoof???? That is the question.... Frederick M Avolio (Jul 30)