
Can a hacker piggy back our email?

Status
Not open for further replies.

mhaff

Technical User
Jan 31, 2003
55
US
We have a couple of users today that are having trouble
sending email. They are getting a time out error.
The rest of us are having no trouble.
We are on a small network of 10 users, we use the same
server and the same DSL router. We do not host our
own email server. Each user has a separate POP account
on the same outside server for incoming mail and we
all use the same SMTP server. After doing some research,
I'm a little suspicious that these particular users are
victims of a hacker. I read of the possibility that a hacker
can get into your system, then when you send email, they
piggy back it to send other things invisible to you.

Is this likely? If so, how can I verify it?
Keep in mind that I am the pseudo IT guy here with
no formal training in network communications. My skills
are limited.

Thank you.
 
The DSL router would prevent external access to the computers on the same LAN segment. There are some exceptions to this, but by default external access would be blocked from initiating a connection (the three-way-handshake, mainly blocking SYN packets).

If the computers are connected to a switch, then the switch to the router, I would suggest checking the switch configuration, particularly the VLAN settings.

If the computers are connected to a hub, then to the router, I suggest reviewing the router configuration. I am only familiar with Cisco routers, so some of my instructions may not apply to you. First, check the startup configuration (router# sh start). Now check the running configuration (router# sh run). If the results differ, then somebody has changed some router setting, but forgot to save it (router# copy run start). This is a good indication that somebody had been tampering with your DSL router. Check for any access control lists, and see if they match your criteria.

The problem may not be the DSL router's fault. It may be the individual computers that are causing the problems. Someone may have modified the Network settings in the Control Panel. If the computers run Windows XP, make sure that the embedded firewall hasn't been messed with so as to block outgoing connections.



--Sapient2003 - sapient@sapient2003.com
"The worst insecurity is believing you are too secure."
 
Step 1) Get a firewall to put between the DSL Router, and the LAN. Apply appropriate rulebase. Do not allow your LAN to access everything. Only what they need. If you need assistance with this, post here, and we'll help.
Step 2) Put a packet sniffer on the suspect machine(s), and send an email. You'll see (in plain text) what's going out. Packet sniffer at .
Step 3) If suspect machine is compromised, then rebuild it. If email looks normal, then the problem most likely lies somewhere in the OS networking.

Personally, I don't think this is an attack. Sounds like some sort of networking/OS issue. Either way, get a firewall in place. DSL routers can be ok packet filters I guess, but I'd never trust just a router for my security.



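Added example, not part of the original thread: one way to read the Step 2 capture is to pull the SMTP envelope (MAIL FROM / RCPT TO) out of the client-to-server lines and flag messages the user did not knowingly send. It assumes an unencrypted SMTP session exported from the sniffer as text; the function names, the known-sender set, the recipient threshold and the sample lines are constructed for illustration.

```python
import re

# Envelope address in "MAIL FROM:<addr>" / "RCPT TO:<addr>" (SMTP commands are case-insensitive).
_PATH = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.IGNORECASE)


def parse_envelopes(client_lines):
    """Return one {'sender', 'recipients'} dict per message the client submitted."""
    messages, current, in_data = [], None, False
    for raw in client_lines:
        line = raw.rstrip("\r\n")
        if in_data:  # message content: skip it until the lone "." that ends DATA
            if line == ".":
                in_data = False
                messages.append(current)
                current = None
            continue
        m = _PATH.match(line.strip())
        verb = line.strip().upper()
        if m and m.group(1).upper() == "MAIL FROM":
            current = {"sender": m.group(2).lower(), "recipients": []}
        elif m and current is not None:
            current["recipients"].append(m.group(2).lower())
        elif verb == "DATA" and current and current["recipients"]:
            in_data = True
        elif verb in ("RSET", "QUIT"):
            current = None  # transaction abandoned, nothing was sent
    return messages


def unexpected(messages, known_senders, max_recipients=10):
    """Flag messages whose envelope the user is unlikely to have produced."""
    findings = []
    for i, msg in enumerate(messages, 1):
        if msg["sender"] not in known_senders:
            findings.append((i, "unknown sender " + msg["sender"]))
        if len(msg["recipients"]) > max_recipients:
            findings.append((i, "%d recipients" % len(msg["recipients"])))
    return findings


# Constructed sample: client-to-server lines of one SMTP session as a sniffer shows them.
SAMPLE = [
    "EHLO pc7", "MAIL FROM:<alice@example.com>", "RCPT TO:<bob@example.org>", "DATA",
    "Subject: lunch", "MAIL FROM:<body-text@example.net>", ".",
    "mail from:<promo@example.net>", "RCPT TO:<a@example.org>", "RCPT TO:<b@example.org>",
    "RCPT TO:<c@example.org>", "DATA", "Subject: hi", ".", "QUIT",
]
print(unexpected(parse_envelopes(SAMPLE), {"alice@example.com"}, max_recipients=2))
```

A second message in the same session that the user never wrote shows up as an extra envelope; the "MAIL FROM" text inside the first message body is ignored because it arrives after DATA.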
 
Are you still having trouble? I may be able to help
 
Not currently. The symptoms cleared up as mysteriously as they
appeared. I keep telling mgmt here that we need better security, but they only agree when things are broke. I'm sure we'll have the problem again though. That kind of thing just doesn't happen and then go away forever without a fix.
 