Help Gmail to improve SPAM filtering
I found out there is a new feature in Google’s Gmail service, you can now report the SPAM emails to the Gmail anti-SPAM team.
Here’s the screenshot of it:
This means that Google is to improve their already good anti SPAM filtering. Thats good news for all of us! Let’s celebrate New Year with less viagra and free porn sites 
GoDaddy promo codes
I am posting this as a personal memo, so that I don’t have to google it everytime. Please enjoy variety of discount codes. I would appreciate if you could drop a line with the outcome of your coupon, did it work?
- OYH3 - $3 off / $6.95 any .COM (renewals too… just used it)
- YH1 - 10% off whatever
- BTPS7 - 20% any order of $50 or more
- BTPS20 - 25% any order of $100 or more (expires Dec 21st)
- BTPS4 - 10% off anything
- OYH2 - $5 off a $30 purchase
- chill1 - 10% off
- chill2 - $5 off $30
- chill3 - $6.95 .coms
- hash1 - 10% off
- hash2 - $5 off $30
- hash3 - $6.95 .com registration
- gdd1101c - 10% off any order of $40 or more
Telekom Malaysia blocks outgoing port 25
Telekom Malaysia (TM) is blocking out port 25 on all dynamic IPs(residential IPs) effective from 3rd December 2007.
Well, this means:
- TM has issues with spammers. Be it zombie machines with trojans, viruses and spywares.
- All the local businesses that run internal E-Mail servers will have to find other ways.
It’s not a big deal actually, but again if you are doing this kind of things that means something out of your control is happening and you have to block it. Otherwise I believe it’s a very widely used port.
The TM’s corporate users, the one who has fixed IPs do not have to worry, since this does not effect them.
For the home/soho users I will be writing a nice how-to on this matter in a few days time.
Of hubs, switches and network security
At the Network layer, hosts are identified by IP addresses. At the Data Link layer, however, hosts are identified by MAC addresses. All packets (in ethernet) are delivered by MAC address (ARP and RARP convert between IP and MAC addresses).
To conserve bandwidth, switches direct traffic to a specific port based on the target MAC address (as opposed to hubs which simply broadcast all packets to all ports). This allows multiple peer-to-peer conversations to occur at the same time as each conversation only requires two ports (whereas in a hub each conversation occupies all ports!) Hence, bandwidth management; not security 
.
For a switch to know which port connects to which MAC addresses, the switch creates and manages a CAM table (a simple mapping between port and MAC address(es)). If no Port Security, this table is dynamic and changes over time (to allow for hosts to appear, disappear and move between ports). The switch learns the CAM table mappings by monitoring the source and destination MAC addresses in packets that it directs.
Now look at the Port Stealing slide. Send layer 2 packets with “source address equal to victim host address” and “destination address equal to its own mac address”. Taking these in reverse order, the switch will direct the packet to the port mapped to the destination address, the attackers “own mac address”; i.e. the packet will return to the attackers host (so no other hosts will notice the packet). At the same time, the switch will record the source address of the packet against the port it came from in the CAM table; i.e. the victim host (MAC) address against the attacker’s port. If you looked in the CAM table, you’d now find the attackers port mapped to both the attackers MAC address and also the victim’s MAC address.
The switch will now direct the next packet targeted at the victim’s MAC address to the attackers port (based on the CAM table entry) - the port is ’stolen’.
To relay the packet to the correct port (so that the conversations can continue uniterrupted), the attacker needs to get the CAM table back to the original state, i.e. with the victim’s port mapped to the victim’s MAC address. This is achieved by issuing a broadcast ARP request for the victim’s IP address. Broadcast means the request will go to all ports (including the victim). When the victim responds, the switch will record the new CAM table mapping (back to where it was originally). The captured packet can now be resent by the attacker and correctly directed by the switch to the victim’s port.
Now (and this is the scary bit) to get and relay the _next_ packet, the attacker needs to repeat the entire process. It looks like a lot of work and is why I raised queries about whether or not packets would be dropped. NaGA says ‘not necessarily’ which is fair enough.
URL: http://ettercap.sourceforge.net/forum/viewtopic.php?t=2329
My Firefox Extensions
Do you use Mozilla Firefox? Or its variants?
Here’s my firefox plugins, they help me a lot and save lots of time. What are your plugins? Please leave in the comments.
About
Welcome to Arstan's personal blog. This blog includes tips on Linux, Apache, MySQL, Shell Scripts. Hardware/software and internet technologies reviews and updates.
