Todd H. 07-06-2009 06:04 AM

Re: hacking through a mail server?
"tg" <> writes:

> is it possible to be hacked through one's mail server?

Possible? Sure. Likely... nah, if it's a dedicated ISP mail server.
But... what kind of mail server? One akin to shared hosting accounts
that's also your domain's web server, DNS server, and a box that randoms
like yourself may have shell accounts on? In that case, then the door
of "maybe" opens up just a little bit. But then you have to wonder
about motivation--why would someone who owns your hosting account
give a rat about owning your home PC too unless you've really ****ed
them off? Again, all possible, but I'd set the bar of suspicion
pretty high before crying wolf.

> I use a network monitor on my pc called Net Medic and for the third time in
> the last month I've noticed suspicious network activity on my PC. Each time
> I saw this I've run wireshark for a few seconds and then disabled my NIC,
> and wireshark shows the traffic is coming from which is
> netweaver's latest mail server.
> I have hosting accounts with netweaver
> and I've complained to them about this but they insist it's just
> normal email traffic and that they have not been
> compromised.

Do you have any reason not to believe them?

> Problem is I'm not running any email program when I get this traffic
> and the nature of this network traffic is completely different to
> when I check my email.

Are you certain your mailer hasn't been backgrounded and periodically
checking for new mail? Has your mailer recently been
changed/upgraded? What OS are you using? Is the traffic originating
from the mailer server?

> I've been watching my email traffic for about
> 5 years now and this is different.

Without telling us specifics of what sort of traffic (port, protocol)
is new, different and interesting, it's impossible to say what might be
going on.

> My question is: is it possible for someone to hack 'through' or
> 'via' a mail server?

Yes. But my money's on them having upgraded software, or the
new/different stuff you're seeing is just something new happening on
their end.

I am curious, however, about the nature of this new/different traffic.

Todd H.
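The reply above boils down to one triage question: of the connections between the PC and the hosting company's mail server, which ones are a mail client talking to a mail service port, and which ones are something else that should be described (port, protocol, direction, owning program) when asking the host about it? The following is an added example written for this thread, not code from either poster. It parses a small set of constructed `netstat -np` style lines (the mail server address 198.51.100.25 and the local address 192.0.2.10 are documentation placeholders, not the real netweaver server) and sorts each flow into "mail client", "mail delivery to a local mail port", or "unexpected", using a simple direction heuristic that is an assumption of this example rather than anything stated in the thread.

```python
from dataclasses import dataclass

# IANA-assigned TCP ports for the common mail protocols. A home PC whose
# mailer is checking mail will show outbound connections to these ports;
# anything else involving the "mail server" deserves a closer look.
MAIL_PORTS = {25: "smtp", 587: "submission", 465: "smtps",
              110: "pop3", 995: "pop3s", 143: "imap", 993: "imaps"}


@dataclass
class Flow:
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str      # TCP state, or "-" for UDP
    program: str    # owning program if netstat could resolve it, else "-"


# Constructed sample in the shape of `netstat -np` output (not a real capture).
# Columns: proto recv-q send-q local remote [state] [program]
SAMPLE = """\
tcp 0 0 192.0.2.10:52311 198.51.100.25:143 ESTABLISHED thunderbird
tcp 0 0 192.0.2.10:52340 198.51.100.25:993 TIME_WAIT -
tcp 0 0 192.0.2.10:445 198.51.100.25:33012 SYN_RECV -
tcp 0 0 192.0.2.10:52401 198.51.100.25:8080 ESTABLISHED unknown.exe
udp 0 0 192.0.2.10:137 198.51.100.25:41122 -
"""


def parse_line(line: str) -> Flow:
    """Split one netstat-style line into a Flow. UDP lines carry no state."""
    parts = line.split()
    proto = parts[0]
    local_ip, local_port = parts[3].rsplit(":", 1)
    remote_ip, remote_port = parts[4].rsplit(":", 1)
    if proto == "tcp":
        state = parts[5]
        program = parts[6] if len(parts) > 6 else "-"
    else:
        state = "-"
        program = parts[5] if len(parts) > 5 else "-"
    return Flow(proto, local_ip, int(local_port), remote_ip, int(remote_port),
                state, program)


def parse_netstat(text: str) -> list[Flow]:
    return [parse_line(ln) for ln in text.splitlines() if ln.strip()]


def classify(flow: Flow, mail_server_ip: str) -> str:
    """Label a flow relative to the mail server the poster is worried about."""
    if flow.remote_ip != mail_server_ip:
        return "other-host"
    if flow.remote_port in MAIL_PORTS:
        # Our side used an ephemeral port to reach a mail service: a client
        # checking or sending mail, which is what the host calls "normal".
        return "mail-client:" + MAIL_PORTS[flow.remote_port]
    if flow.local_port in MAIL_PORTS:
        # The server is talking to a mail service port on this PC; only
        # expected if the PC actually runs an MTA or mail daemon.
        return "mail-delivery:" + MAIL_PORTS[flow.local_port]
    # Direction heuristic (an assumption of this example): a SYN_RECV state,
    # or a privileged local port paired with an ephemeral remote port, means
    # the server opened the connection toward us rather than the reverse.
    inbound = flow.state == "SYN_RECV" or (flow.local_port < 1024 <= flow.remote_port)
    return "unexpected-inbound" if inbound else "unexpected-outbound"


def triage(text: str, mail_server_ip: str) -> dict[str, list[str]]:
    """Group one-line descriptions (proto, ports, state, program) by verdict,
    which is exactly the detail the reply asks the poster to supply."""
    groups: dict[str, list[str]] = {}
    for flow in parse_netstat(text):
        verdict = classify(flow, mail_server_ip)
        desc = (f"{flow.proto} local:{flow.local_port} remote:{flow.remote_port} "
                f"state={flow.state} program={flow.program}")
        groups.setdefault(verdict, []).append(desc)
    return groups


if __name__ == "__main__":
    for verdict, lines in triage(SAMPLE, "198.51.100.25").items():
        print(verdict)
        for desc in lines:
            print("   ", desc)
```

The two "mail-client" flows are the traffic the hosting company would reasonably call normal, even with no mail window open, because a minimized or background mailer still polls. The "unexpected" entries, with their port, protocol, direction and (where netstat could resolve it) program name, are what is worth reporting instead of "suspicious activity"; a `SYN_RECV` from the server toward a file-sharing port on a home PC is a very different conversation from an outbound connection made by an unrecognized program.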

