Re: hacking through a mail server?

Discussion in 'Computer Security' started by Gerard Bok, Jul 6, 2009.

  1. Gerard Bok

    Gerard Bok Guest

    On Sun, 5 Jul 2009 19:44:30 +0100, "tg"
    <> wrote:

    >is it possible to be hacked through one's mail server?


    Sure.
    If there's a connection, there is a security risk involved :)

    >I use a network monitor on my pc called Net Medic and for the third time in
    >the last month I've noticed suspicious network activity on my PC. Each time
    >I saw this I've run wireshark for a few seconds and then disabled my NIC,
    >and wireshark shows the traffic is coming from tim.netweaver.net which is
    >netweaver's latest mail server.


    Since you are using OE, there is no reason at all for any
    communication between your ISP's mailserver and your PC other
    than that, initiated by OE on your PC.
    (But you may have scheduled automatic mail pickup !)

    The more relevant question reads: Why do you suspect their
    mailserver to be the culprit ?
    Is it because the traffic uses ports like 25 or 110 ?
    Or because an IP lookup shows netweaver's mailserver ?
    Are you sure, all their other servers run on IP addresses
    different from the mailserver's ?

    >I have hosting accounts with netweaver and I've complained to them about
    >this but they insist it's just normal email traffic and that they have not
    >been compromised. Problem is I'm not running any email program when I get
    >this traffic and the nature of this network traffic is completely different
    >to when I check my email. I've been watching my email traffic for about 5
    >years now and this is different.


    Read what is inside the packets, that's what Wireshark is for :)

    --
    Kind regards,
    Gerard Bok
     
    Gerard Bok, Jul 6, 2009
    #1

  2. Gerard Bok

    Todd H. Guest

    "tg" <> writes:

    > "Gerard Bok" <> wrote in message
    > news:...
    >> On Sun, 5 Jul 2009 19:44:30 +0100, "tg"
    >> <> wrote:

    >
    >> The more relevant question reads: Why do you suspect their
    >> mailserver to be the culprit ?
    >> Is it because the traffic uses ports like 25 or 110 ?
    >> Or because an IP lookup shows netweaver's mailserver ?

    >
    > both. The traffic uses port 110, and the ip lookup points at netweaver's
    > mail server.
    >>
    >> Read what is inside the packets, that's what Wireshark is for :)

    >
    > the packets just contain gobbledegook, like this:
    >
    > (¸ T"^3 E 4ÚÌ@ ?*!¬NÂú6à no¸;£.s)À?ÿÿe 
    > .s)Ò.s)Ó


    By "uses port 110" is that the destination port of the initial
    connection? i.e. are you saying that you know for sure your computer
    is initiating a session from itself (usually on a high port number) to
    the pop3 port of the mail server?

    If so, what are your mail client's settings for the mail servers with
    respect to transport layer security?

    Finally, for the win, what process is associated with this network
    connection? Find out with Microsoft's free tcpview utility (they
    purchased sysinternals years ago, and this is good stuff):
    http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

    It's possible that you have a trojan that might use your configured
    mail server to do its phoning home. It wouldn't be my communication
    method of choice but who knows, maybe some botnet creator decided that
    it might go unnoticed and you're onto something big. It's also
    possible your (undisclosed?) mail client or OS is doing this as part
    of normal operation.

    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., Jul 6, 2009
    #2
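
Added example, not part of either post: Todd H.'s first question, which side opened the port-110 session, can be answered from a capture by finding the TCP SYN that has no ACK set. The sketch below parses raw IPv4/TCP headers (Ethernet header already stripped); the addresses, ports, packet bytes and function names are constructed for illustration.

```python
import socket
import struct

POP3_PORT, SYN, ACK = 110, 0x02, 0x10

def parse_ipv4_tcp(pkt):
    """Return (src, sport, dst, dport, flags), or None if not IPv4/TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4              # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 14:    # need TCP header up to the flags byte
        return None
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return src, sport, dst, dport, pkt[ihl + 13]

def pop3_initiators(packets, local_ip):
    """For each bare SYN (SYN set, ACK clear) involving port 110, report
    who opened the session: 'outbound' means the local PC started it."""
    found = []
    for pkt in packets:
        parsed = parse_ipv4_tcp(pkt)
        if parsed is None:
            continue
        src, sport, dst, dport, flags = parsed
        if flags & SYN and not flags & ACK and POP3_PORT in (sport, dport):
            direction = "outbound" if src == local_ip else "inbound"
            found.append((direction, src, sport, dst, dport))
    return found

def build(src, sport, dst, dport, flags):
    """Constructed 40-byte IPv4+TCP packet for the demo (checksums zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return ip + tcp

# Constructed sample: documentation addresses, not taken from the thread.
LOCAL, SERVER = "192.0.2.10", "198.51.100.25"
SAMPLE = [
    build(LOCAL, 49152, SERVER, 110, SYN),         # client opens session
    build(SERVER, 110, LOCAL, 49152, SYN | ACK),   # server answers
    build(LOCAL, 49152, SERVER, 110, ACK),         # handshake completes
]

if __name__ == "__main__":
    for row in pop3_initiators(SAMPLE, LOCAL):
        print(row)
```

An "outbound" result gives the local source port to look up in tcpview, which names the process that opened the session.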