
Knowing Where to Look

Locating a Web server on the Internet is often the easiest task in the world. Type in www.<anyword>.com, and you'll probably land on a valid Web site. Finding an email server might take a little more effort, but it's still a simple task. If an email server is exposed on the Internet, it's just a matter of time until an attacker locates it.

Case Study 6-2

Arnold was on a mission to get a job with a company that made computer games. He wasn't completely sure how to go about this, but he knew a few tricks and had plenty of resources on the Internet to help him. He had tried to get hired at the biggest gaming company, ILTPG Inc., but he didn't have enough experience.

Arnold knew he was better than most of the ILTPG employees and decided to pull a scam to get the job he wanted. He went to ILTPG's main competitor, Sore Thumbs. On his resume, he indicated that he had worked at ILTPG for several years. He figured that because Sore Thumbs was a competitor, his references might not be checked as closely.

Arnold was wrong. Sore Thumbs was impressed with his fabricated resume, but wanted a reference from ILTPG. Arnold thought quickly. He decided that if he could send an email from ILTPG to Sore Thumbs with glowing information about Arnold's skills, he might just pull this off. Arnold realized that Sore Thumbs would probably detect a simple spoof right off the bat, so he decided to relay the attack through the ILTPG email server. However, the main server wasn't vulnerable to a relay attack. Not a problem for Arnold. He simply searched their network for another server. He figured that a company as big as ILTPG must have a number of other email servers that could be exploited.


