Showing posts with label smtp. Show all posts

Friday, June 29, 2007

Computer threat - Network Security

Every TCP packet has flag bits that define the content and purpose of the packet.

Example:
    A packet with the "SYN" (SYNCHRONIZE) flag bit set initiates a connection from the sender to the recipient. A packet with the "ACK" flag bit set informs the receiver about the sender's information.
    A TCP packet with the "FIN" (FINISH) flag bit set stops the connection from the sender to the recipient.
To build a TCP connection, packets must be exchanged between the two hosts. This exchange is known as the "TCP Three-Way Handshake", as in the picture below.
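The flag bits and the handshake described above can be read directly from the TCP header. The following is an added example, not part of the original post: it decodes the flag bits of constructed 20-byte headers and checks that three segments form a complete handshake. It goes slightly beyond the text by also decoding the other standard flags (RST, PSH, URG) and checking the sequence and acknowledgment numbers; the ports and numbers are made up.

```python
import struct

# Flag bits in the low bits of the 16-bit offset/flags word of the TCP header.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def build_header(sport, dport, seq, ack, flags):
    """Build a constructed 20-byte TCP header (no options, checksum left at 0)."""
    bits = 0
    for name in flags:
        bits |= FLAGS[name]
    offset_flags = (5 << 12) | bits  # data offset = 5 words, then the flag bits
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 65535, 0, 0)

def parse_header(raw):
    """Return ports, sequence numbers and the set of flag names that are set."""
    if len(raw) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    sport, dport, seq, ack, offset_flags = struct.unpack("!HHIIH", raw[:14])
    flags = {name for name, bit in FLAGS.items() if offset_flags & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}

def handshake_complete(segments):
    """True if the first three segments are SYN, SYN+ACK, ACK with matching numbers."""
    if len(segments) < 3:
        return False  # e.g. a half-open connection: the final ACK never arrived
    syn, synack, ack = (parse_header(s) for s in segments[:3])
    return (syn["flags"] == {"SYN"}
            and synack["flags"] == {"SYN", "ACK"}
            and synack["ack"] == (syn["seq"] + 1) % 2**32
            and ack["flags"] == {"ACK"}
            and ack["seq"] == synack["ack"]
            and ack["ack"] == (synack["seq"] + 1) % 2**32)

# Constructed capture: client port 40000 opens a connection to server port 25.
CAPTURE = [
    build_header(40000, 25, 1000, 0, ["SYN"]),
    build_header(25, 40000, 5000, 1001, ["SYN", "ACK"]),
    build_header(40000, 25, 1001, 5001, ["ACK"]),
]

if __name__ == "__main__":
    for raw in CAPTURE:
        print(sorted(parse_header(raw)["flags"]))
    print("handshake complete:", handshake_complete(CAPTURE))
```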


Computer Network Threat

These threats are very harmful to the entire system and to applications on internal and external networks.

The threats are as follows:

Remote Login - this happens when someone is able to connect to a computer and control various things related to the resources found on that host or computer.

Application Backdoors - some programs have special features that allow remote access. Some buggy programs contain a backdoor, or hidden access, that provides some level of control over the computer and the program.

SMTP session hijacking - SMTP is the most common method used to deliver e-mail. By obtaining an e-mail mailing list, someone can deliver unwanted e-mail to thousands of users or more. This is called unsolicited junk mail, or spam.

Spamming is carried out by relaying through an unsuspecting SMTP server, which then delivers thousands of e-mails. This process is called redirecting, and it makes it difficult to detect who the real sender of the spam is.

Operating system bugs - as with applications, some operating systems have security gaps that can be exploited illegally.

E-mail bombs - this is an attack on an individual: someone sends hundreds or thousands of e-mails to one address so that the victim's mailbox cannot accept e-mail anymore.

Macro - to simplify procedures in an application, many application programs let us create commands (scripts) that the program can run. By exploiting this script or macro capability, an attacker can damage data on the computer.

Virus - the best known cause of trouble on computers. Viruses differ from one another in their method, how they are made, their effectiveness, the level of damage they cause, and the speed at which they spread.

Redirect bombs - a hacker or cracker can use ICMP to change the path that information takes and to attack other routers.

Source routing - in many cases, the path a data packet takes through one or more networks is determined by the routers along the way, but sometimes a hacker uses the packet to pose as the real sender.

Other types of computer attack (covered in a later post):
    Denial of Service (DoS)
    Spoofing
    Broadcast Amplification
    TCP SYN

The threats above can be carried out in various ways, including by using a virus.

Monday, June 4, 2007

General Computer Port list

Just another general computer port list. A computer network administrator must know the computer ports below, as well as those in my previous post about the Computer Port List.

What is TCP/UDP?
TCP and UDP are transport protocols used for communication between computers.

TCP: Abbreviation of Transmission Control Protocol, and pronounced as separate letters. TCP is one of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.

UDP: Short for User Datagram Protocol, a connectionless protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It's used primarily for broadcasting messages over a network.

Service Name: Port (UDP, TCP)

Browsing datagram responses of NETBIOS over TCP/IP: 138
Browsing requests of NetBIOS over TCP/IP: 137
Client/Server Communication: 135
Common Internet File System (CIFS): UDP 445; TCP 139,445
Content Replication Service: 560
Cybercash Administration: 8001
Cybercash Coin Gateway: 8002
Cybercash Credit Gateway: 8000
DCOM (SCM uses UDP/TCP to dynamically assign ports for DCOM): UDP 135; TCP 135
DHCP Client: 67
DHCP Server: 68
DHCP Manager: 135
DNS Administration: 139
DNS client to server lookup (varies): UDP 53; TCP 53
Exchange Server 5.0:
    Client Server Communication: 135
    Exchange Administration: 135
    IMAP: 143
    IMAP (SSL): 993
    LDAP: 389
    LDAP (SSL): 636
    MTA – X.400 over TCP/IP: 102
    POP3: 110
    POP3 (SSL): 995
    RPC: 135
    SMTP: 25
    NNTP: 119
    NNTP (SSL): 563
File shares name lookup: 137
File shares session: 139
FTP: 21
FTP-data: 20
HTTP: 80
HTTP-Secure Sockets Layer (SSL): 443
Internet Information Services (IIS): 80
IMAP: 143
IMAP (SSL): 993
IKE: 500
IRC: 531
ISPMOD (SBA 2nd tier DNS registration wizard): 1234
Kerberos de-multiplexer: 2053
Kerberos klogin: 543
Kerberos kpasswd (v5): UDP 464; TCP 464
Kerberos krb5: UDP 88; TCP 88
Kerberos kshell: 544
L2TP: 1701
LDAP: 389
LDAP (SSL): 636
Login Sequence: UDP 137, 138; TCP 139
Macintosh, File Services (AFP/IP): 548
Membership DPA: 568
Membership MSN: 569
Microsoft Chat Client to server: 6667
Microsoft Chat server to server: 6665
Microsoft Message Queue Client: UDP 1801; TCP 1801
Microsoft Message Queue Server: UDP 3527; TCP 135,2101
Microsoft Message Queue Server: 2103, 2105
MTA – X.400 over TCP/IP: 102
NetBT datagrams: 138
NetBT name lookups: 137
NetBT service sessions: 139
NetLogon: 138
NetMeeting Audio Call Control: 1731
NetMeeting H.323 Call Setup: 1720
NetMeeting H.323 streaming RTP over UDP: Dynamic
NetMeeting Internet Locator Server ILS: 389
NetMeeting RTP audio stream: Dynamic
NetMeeting T.120: 1503
NetMeeting User Location Service: 522
NetMeeting user location service ULS: 522
Network Load Balancing: 2504
NNTP: 119
NNTP (SSL): 563
Outlook (see “Exchange” for ports)
Pass Through Verification: UDP 137, 138; TCP 139
POP3: 110
POP3 (SSL): 995
PPTP control: 1723
Printer sharing name lookup: 137
Printer sharing session: 139
Radius accounting (Routing and Remote Access): 1646/1813
Radius Authentication (Routing and Remote Access): 1645/1812
Remote Install TFTP: 69
RPC Client Fixed port session Queries: 1500
RPC Client Using a Fixed port session Replication: 2500
RPC Session Ports: Dynamic
RPC User Manager, Service Manager, Port Manager: 135
SCM Used by DCOM: UDP 135; TCP 135
SMTP: 25
SNMP: 161
SNMP Trap: 162
SQL Named Pipes Encryption Over Other Protocols Name Lookup: 137
SQL RPC Encryption Over Other Protocols Name Lookup: 137
SQL Session: 139
SQL Session: 1433
SQL Session: 1024 - 5000
SQL Session Mapper: 135
SQL TCP Client Name Lookup: UDP 53; TCP 53
TelNet: 23
Terminal Server: 3389
UNIX Printing: 515
WINS Manager: 135
WINS NetBios Over TCP/IP Name Service: 137
WINS Proxy: 137
WINS Registration: 137
WINS Replication: 42
X400: 102




Wednesday, May 2, 2007

SMTP Investigation for Telkom ADSL connection

Investigate SMTP Connection for TELKOM ADSL:

Below is a FAQ for investigating the SMTP relay, smtp.telkom.net. Follow these steps to do the SMTP investigation:

1. Run an nslookup test against the Telkom SMTP server:








If no IP address is found for smtp.telkom.net, check your DNS server address. If you don't know your DNS server address, you can ask Astinet customer service (147) for the DNS address of your Telkom connection.

2. Run ping to the SMTP server:



When your ping result is RTO (Request Time Out), it means your computer or network is not connected to the Telkom server. Check your ADSL connection or the ADSL modem indicator. A blinking ADSL indicator lamp means there is no ADSL signal to your modem or the modem cannot log in.

3. Run tracert to the SMTP server:


The tracert result indicates that the server was found.



4. Test sending email via telnet:



Sending email via telnet is used to test the smtp telkom.net server. Do this test if sending mail via Outlook Express failed.

The picture above is the result of a test on Linux. You can carry out the same steps in the Windows cmd (command prompt), but the words that you type are not displayed.

If you see the result shown in the picture above, it means sending email via telnet is successful. If sending mail using Outlook Express still fails, you have to check your Outlook Express software.
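To read the result of the telnet test in step 4, the server's numeric reply codes matter more than the text after them. The following is an added example, not part of the original post: it groups the server's lines into replies (a reply can span several lines, marked with "-" after the code) and reports the first step that did not get the expected code. The host name and reply texts are constructed, and the step list assumes a plain HELO/EHLO, MAIL FROM, RCPT TO, DATA, QUIT session.

```python
import re

# One reply line: 3-digit code, then "-" (more lines follow) or " " (last line) and text.
REPLY_LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")

# Commands typed in the telnet test and the reply code each one should get.
STEPS = [("connect", 220), ("HELO/EHLO", 250), ("MAIL FROM", 250),
         ("RCPT TO", 250), ("DATA", 354), ("message body", 250), ("QUIT", 221)]

def parse_replies(server_lines):
    """Group raw server lines into (code, text) replies, joining multi-line ones."""
    replies, pending = [], []
    for line in server_lines:
        m = REPLY_LINE.match(line.rstrip("\r\n"))
        if not m:
            raise ValueError("not an SMTP reply line: %r" % line)
        code, sep, text = m.groups()
        pending.append(text or "")
        if sep != "-":  # a space (or a bare code) ends the reply
            replies.append((int(code), " ".join(pending).strip()))
            pending = []
    if pending:
        raise ValueError("last reply is truncated")
    return replies

def first_failure(server_lines):
    """Return None if every step succeeded, else (step, code, text) of the first problem."""
    replies = parse_replies(server_lines)
    for (step, want), (code, text) in zip(STEPS, replies):
        if code != want:
            return (step, code, text)
    if len(replies) < len(STEPS):
        return (STEPS[len(replies)][0], None, "no reply received")
    return None

# Constructed server output (host name and texts are made up for this example).
GOOD = ["220 mail.example.test ESMTP ready", "250-mail.example.test",
        "250-SIZE 10240000", "250 8BITMIME", "250 2.1.0 Ok", "250 2.1.5 Ok",
        "354 End data with <CR><LF>.<CR><LF>", "250 2.0.0 Ok: queued",
        "221 2.0.0 Bye"]
# Same session, but the server refuses the recipient (relaying not allowed).
REFUSED = GOOD[:5] + ["550 5.7.1 Relaying denied"]

if __name__ == "__main__":
    print(first_failure(GOOD))
    print(first_failure(REFUSED))
```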

If all the steps have been done but you still cannot send mail, check your server side:

1. Is your server using a firewall?
2. Check your ADSL configuration; do not block SMTP (port 25).
3. Do you have a problem with another application on your server, for example WinGate?

Note that WinGate has a special configuration for SMTP mail servers; check your WinGate configuration.

