IMT - 92: NETWORK SECURITY
ASSIGNMENT - 1
1. What are the differences between DNS lookup and Reverse DNS lookup?
2. How can you trace an abusive email on the Internet?
3. What steps do you need to follow to send a spoofed email from billgates@microsoft.com to your best friend?
4. Carry out a line-by-line detailed analysis of the following email header:
X-Apparently-To: ankitfadia2001@yahoo.com via 68.142.206.39; Tue, 01 Jan 2008 07:51:02 -0800
X-Originating-IP: [209.191.124.119]
Return-Path: <chaf_top@yahoo.com>
Authentication-Results: mta294.mail.mud.yahoo.com from=yahoo.com; domainkeys=pass (ok)
Received: from 209.191.124.119 (HELO web38008.mail.mud.yahoo.com) (209.191.124.119) by mta294.mail.mud.yahoo.com with SMTP; Tue, 01 Jan 2008 07:51:02 -0800
Received: (qmail 75045 invoked by uid 60001); 1 Jan 2008 15:51:02 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=n7Z8yvU8dl5/5NCv241EXAL18FKFTIg5kB5HNAW/Fvq5KhRBexLBlGsm2ogSq3cu0/R2hZoWtEqZiNZROx/mI4a2CndacN24yGyxIKfC1b1ixeEhTN9/k1gD85U0UQDMFNzNcdVoFk922SncG2BCntFxCkIo2Jut3VVdnrv1C9Y=;
X-YMail-OSG: QNpAifEVM1lcfKFx3Ay.9VdiBphyL7jT0E_mg5qVL9gPn1tbfN8A7fSXAo0xtJJF0XteyqMgtVyzD4d5tRv.njZ_cSrdbXVKvPB5dMl5BqR1IpoKEZj2pcLunC7dUw-
Received: from [196.201.201.177] by web38008.mail.mud.yahoo.com via HTTP; Tue, 01 Jan 2008 07:51:02 PST
Date: Tue, 1 Jan 2008 07:51:02 -0800 (PST)
From: "chaf de souza" <>
Subject: IMPORTANT FOR FOREIGN STUDENT
To: ankitfadia2001@yahoo.com
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-599614051-1199202662=:73737"
Content-Transfer-Encoding: 8bit
Message-ID: <476717.73737.qm@web38008.mail.mud.yahoo.com>
Content-Length: 1829
5. Find out the exact geographical location of the sender of the email with the following headers:
X-Apparently-To: ankitfadia2001@yahoo.com via 68.142.206.41; Mon, 31 Dec 2007 20:02:37 -0800
X-Originating-IP: [209.191.90.74]
Return-Path: <vineet@udaantravel.com>
Authentication-Results: mta261.mail.re4.yahoo.com from=udaantravel.com; domainkeys=neutral (no sig)
Received: from 209.191.90.74 (HELO web801.biz.mail.mud.yahoo.com) (209.191.90.74) by mta261.mail.re4.yahoo.com with SMTP; Mon, 31 Dec 2007 20:02:37 -0800
Received: (qmail 73717 invoked by uid 60001); 1 Jan 2008 04:02:36 -0000
X-YMail-OSG: vj_jELkVM1m.5nfWWK8MNyd4s6PSk7kF9QqubwddySNz8vkLb_G3hvRRfO9jxI5DyCCxA9FcAi. xsqWsn4LYMPOyg6qEtF0cpGnIjotB2Y4pgo4-
Received: from [71.177.119.70] by web801.biz.mail.mud.yahoo.com via HTTP; Mon, 31 Dec 2007 20:02:36 PST
Date: Mon, 31 Dec 2007 20:02:36 -0800 (PST)
From: "VINEET BADHWAR" <vineet@udaantravel.com>
Reply-to: VINEET@
Subject: HAPPY NEW YEAR
To: vineet@
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1640175783-1199160156=:73312"
Content-Transfer-Encoding: 8bit
Message-ID: <538044.73312.qm@web801.biz.mail.mud.yahoo.com>
Content-Length: 1290
6. How can you check your POP email manually? How can you crack POP email account passwords?
7. How can you secure email communication?
8. How can you attach files to a forged email sent through Sendmail?
9. Describe some risks associated with Instant Messengers.
10. If you have received an email from your friend, how can you tell whether it is spoofed or not?
ASSIGNMENT - 2
1. What are SQL Injection attacks? How do they work? What are some dangers associated with them? Suggest some counter-measures against SQL Injection.
2. How can a system administrator prevent email forging from taking place on their network?
3. What are the different types of ports on a system?
4. How can you prevent input validation attacks on a system?
5. Describe some strategies to fight email spam.
6. How can a system administrator mislead an attacker probing different ports?
7. Discuss the pros and cons of the various types of mail bombing strategies.
8. How can you send a forged email to multiple individuals through BCC?
9. How would you crash a remote system through Instant Messengers?
10. Is this possible: You telnet to Port 23 and the FTP daemon shows up? What is going on if this happens? How is it done?
ASSIGNMENT - 3
1. Explore the various ports (1-100) of the following systems (Kindly submit actual logs as your answer):
www.hackingmobilephones.com
ww.imt.edu
2. Give examples of 3 REAL Websites that actually exist on the Internet that suffer from an input validation loophole or an SQL Injection loophole.