Case Study

The MED is an Educational Computer Lab at UTC (a university in Latin America). This lab is run entirely by students. The lab was created for two purposes: 1) to manage the network used by the Computer Science (CS) department's teachers and students, which includes the professors' desktops, the servers, switches, firewalls, and so on, and 2) to expose students to a real-world environment where they can learn the legitimate skills of SysAdmins.

On Saturday morning, IO, one of the SysAdmins, gets a call from Professor X in the CS department. Professor X is angry and anxious because his email isn't working and he has a paper due on Monday. He had already performed the basic test—sending himself email to and from other email accounts. IO and PEEL (another SysAdmin) go to the MED and start debugging the email server. After some analysis they find that Exim, the open-source mail transfer agent (MTA) for receiving and delivering email messages, is crashing every time it tries to process the outgoing queue.

After restarting the service and running the command manually from the command line in debug mode, they jump into analyzing the core dump but have no clear answer about what's happening. They finally check how many emails are in the queue and find close to 100,000 emails! Knowing this, they have no doubt the server is being DoSed. After a quick analysis of the messages in the queue, they determine that all of them are coming from a machine inside the MED. They locate that machine and promptly pull out the network cable.

So the DoS is contained, and they return to restoring service. This is a no-brainer. With a Perl script, they move all the emails that match the attacker's IP address from the queue into another folder for later analysis. Once the queue is clean, they restart the service and all is well. They locate the student and his team who were responsible for the attack and grill them about what happened. It turned out there was no malicious activity taking place at all. A watchdog was sending an email every two seconds reporting a lost connection. To make things worse, the team's email accounts were full, so the messages started bouncing.
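The triage the SysAdmins performed (count what is in the queue, find where it comes from, pull the offending messages aside for later analysis) is worth having as a script before the next flood. The following is an added example, not the Perl script from the case study or anything from Exim itself. It assumes a constructed spool layout of one plain RFC 822 message file per queued message; Exim's real spool uses separate header and data files, so the parsing here is deliberately generic. The hostnames, addresses and IPs in the sample spool are made up.

```python
"""Triage a mail-queue flood by originating IP (added example, constructed spool)."""
import re
import shutil
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, List, Optional

# Matches the bracketed IP in a "Received: from host (name [1.2.3.4])" header.
RECEIVED_IP = re.compile(
    r"Received:\s+from\s+.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.I | re.S
)


def origin_ip(message_text: str) -> Optional[str]:
    """Return the connecting host's IP from the topmost Received: header.

    The topmost Received: line was written by our own MTA when it accepted the
    message, so it is the only one we can trust; lower lines arrived with the
    message and could say anything.
    """
    headers = message_text.split("\n\n", 1)[0]
    # Unfold continuation lines so a wrapped Received: header still matches.
    headers = re.sub(r"\n[ \t]+", " ", headers)
    matches = RECEIVED_IP.findall(headers)
    return matches[0] if matches else None


def count_by_origin(spool: Path) -> Counter:
    """Count queued messages per originating IP ("unknown" if unparsable)."""
    counts: Counter = Counter()
    for path in sorted(spool.iterdir()):
        if path.is_file():
            counts[origin_ip(path.read_text(errors="replace")) or "unknown"] += 1
    return counts


def flood_sources(counts: Counter, threshold: int) -> List[str]:
    """IPs responsible for at least `threshold` queued messages."""
    return sorted(ip for ip, n in counts.items() if ip != "unknown" and n >= threshold)


def quarantine(spool: Path, hold: Path, ip: str) -> int:
    """Move every queued message from `ip` into `hold` for later analysis."""
    hold.mkdir(parents=True, exist_ok=True)
    moved = 0
    for path in sorted(spool.iterdir()):  # list is built first, so moving is safe
        if path.is_file() and origin_ip(path.read_text(errors="replace")) == ip:
            shutil.move(str(path), str(hold / path.name))
            moved += 1
    return moved


def build_sample_spool(root: Path) -> Path:
    """Constructed sample: 20 watchdog messages from one host, 2 legitimate ones."""
    spool = root / "input"
    spool.mkdir(parents=True)
    template = (
        "Received: from {host} ({host} [{ip}])\n"
        "\tby mail.utc.example (Exim) id {id}\n"
        "From: {sender}\nTo: team@utc.example\nSubject: {subj}\n\n{body}\n"
    )
    for i in range(20):
        (spool / f"flood-{i:03d}").write_text(template.format(
            host="watchdog.med", ip="10.0.5.23", id=f"W{i:05d}",
            sender="watchdog@med.utc.example", subj="lost connection", body="link down"))
    for i in range(2):
        (spool / f"legit-{i:03d}").write_text(template.format(
            host="desktop.cs", ip="10.0.7.8", id=f"L{i:05d}",
            sender="profx@utc.example", subj="paper draft", body="see attached"))
    return spool


def demo(threshold: int = 10) -> Dict[str, object]:
    """Run the whole triage on the constructed spool and report what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        spool = build_sample_spool(Path(tmp))
        before = count_by_origin(spool)
        sources = flood_sources(before, threshold)
        moved = {ip: quarantine(spool, Path(tmp) / "hold", ip) for ip in sources}
        remaining = sum(count_by_origin(spool).values())
        return {"before": dict(before), "sources": sources,
                "moved": moved, "remaining": remaining}


if __name__ == "__main__":
    print(demo())
```

The threshold is the judgement call: 100,000 messages from one internal host is obvious, but a lower bar (a few hundred from a single source in a queue that normally holds a handful) would have paged someone before the MTA started crashing. Quarantining rather than deleting keeps the evidence, which is what let the team in the story establish that the flood was a misbehaving watchdog rather than an attack.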

After the mishap, the students fixed their code, the professor got his paper in on time, and the SysAdmin didn't get any glory—as usual. And by the way, after this incident the mail service was migrated to Postfix 19990906.

The Simple Mail Transfer Protocol (SMTP) is better known for allowing the exchange of email, a communication medium that, despite the increasing popularity of Instant Messaging (IM), is still the most widely used collaboration tool on the Internet, in use since 1982 (RFC 822, which has been recently updated by RFC 2822). Email is broadly involved in network activities ranging from being one of the most used social mediums to all kinds of automated processes, monitoring systems, transaction systems, and so on. In this chapter we'll cover SMTP basics, as well as its components that are involved in mail services security.
