Sender Policy Framework: Protect Your Domain Reputation From SPAM

One of the more correct responses to hackers (computer people) devaluing your assigned IPs, your domain names and your email addresses by sending SPAM in your name is called Sender Policy Framework (RFC 4408). http://OpenSPF.org is the most commonly cited authority on the subject; when that Web site is under attack or otherwise unavailable, there is also http://OpenSPF.net, which seems to be a mirror site.
Sender Policy Framework (SPF) is simply a TXT and/or SPF record that you put in your domain and Web server's Domain Name System (DNS) zone. If you have a hosting company handle DNS for you, they will likely add it on request, hopefully without charge.
There have been wizards on the Web, which have come and gone, to help you with the syntax and implementation of SPF. My favorite du jour is (oddly) from Microsoft. The wizard helps you with the syntax of the TXT and/or SPF record for your DNS (intended to support RFC 2822 and/or RFC 2821). Whether you implement SPF yourself or have your hosting company implement it for you, you can and should test the record, on a domain-by-domain basis, with another wizard on the Web to ensure it is at least implemented correctly.
It seems odd that I would choose Microsoft to support SPF, in light of their competing Sender ID. I think it's because the DNS record syntaxes are much the same. For example, the SPF record I might choose and the one produced by Microsoft's wizard seem to differ in approach more than in syntax:
cPanel approach:

    v=spf1 a mx ip4:XXX.XXX.XXX.XXX ip4:YYY.YYY.YYY.YYY -all

Microsoft's approach:

    v=spf1 ip4:YYY.YYY.YYY.YYY -all

cPanel's version (above) says mail may only be sent from the domain's mail server (mx) or from the domain server itself (a), assuming the two IPs are not the same. Microsoft's version (above -- depending on the data you put into the wizard) says email may only be sent from the domain server.
The record is inserted into your DNS, as one example:

    exampledomain.com IN TXT "v=spf1 ip4:YYY.YYY.YYY.YYY -all"
    exampledomain.com IN SPF "v=spf1 ip4:YYY.YYY.YYY.YYY -all"

The SPF and TXT records have the same content. According to the SPF Testing Tools site, "SPF records should also be published in DNS as type SPF records". That said, cPanel and Web Host Manager do not support SPF-type DNS records natively, so those users will have to be content with having SPF implemented in a TXT record.
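To make the difference between the two records concrete, here is an added example (not from this page, cPanel or Microsoft) in Python: a minimal SPF evaluator covering only the a, mx, ip4 and all mechanisms, run against a constructed in-memory DNS table instead of live lookups. The hostnames and the 192.0.2.x / 198.51.100.x addresses are hypothetical documentation values standing in for the XXX/YYY placeholders above.

```python
import ipaddress

# Constructed stand-in for DNS (hypothetical names and RFC 5737 documentation
# addresses, not the page's XXX/YYY placeholders). A real checker would resolve
# these A and MX records with live DNS queries.
FAKE_DNS = {
    ("exampledomain.com", "A"): ["192.0.2.10"],            # the domain/Web server
    ("exampledomain.com", "MX"): ["mail.exampledomain.com"],
    ("mail.exampledomain.com", "A"): ["192.0.2.25"],       # the domain's mail server
}

def lookup(name, rtype):
    return FAKE_DNS.get((name, rtype), [])

def check_spf(record, domain, sender_ip):
    """Evaluate a v=spf1 record against sender_ip for mail claiming to be from
    domain. Handles only the mechanisms used on this page (a, mx, ip4, all) and
    the four qualifiers; returns 'pass', 'fail', 'softfail', 'neutral' or 'none'."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    outcome = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in terms[1:]:
        qualifier = term[0] if term[0] in outcome else "+"
        name, _, arg = term.lstrip("+-~?").lower().partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":                # bare address or CIDR range
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":                  # sender is one of the domain's A records
            matched = str(ip) in lookup(arg or domain, "A")
        elif name == "mx":                 # sender is an A record of one of the MX hosts
            matched = any(str(ip) in lookup(mx, "A") for mx in lookup(arg or domain, "MX"))
        else:
            raise ValueError("unsupported mechanism: " + term)
        if matched:
            return outcome[qualifier]      # first matching mechanism decides
    return "neutral"                       # nothing matched and no 'all' term

CPANEL = "v=spf1 a mx ip4:192.0.2.10 ip4:192.0.2.25 -all"
MICROSOFT = "v=spf1 ip4:192.0.2.10 -all"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.25", "198.51.100.7"):
        print(ip, "cPanel:", check_spf(CPANEL, "exampledomain.com", ip),
              "Microsoft:", check_spf(MICROSOFT, "exampledomain.com", ip))
```

Mail from the mail server (192.0.2.25) passes the cPanel record but fails the Microsoft one, which is exactly the difference described above. Note that RFC 7208, which replaced RFC 4408 in 2014, retired the SPF record type, so a TXT record is the only form receivers check today and cPanel users lose nothing.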

Email was the 3rd attack on my Web presence. SPF, together with a secure certificate on the mail server, seems to have handled the SPAM forging problem in large part. There are other choices that can be made on your mail server which restrict Simple Mail Transfer Protocol (SMTP) mailings to those senders that can authenticate their domain and/or IP address, including DomainKeys Identified Mail (DKIM). Thereby, Simple Authentication and Security Layer (SASL) becomes an unnecessary option (unless a secure certificate is not an option, as in the case of shared hosting).
The 1st type of attack on my Web presence began while I was attending a local computer certification school; having been exposed to more job competitiveness, I found my Web site under constant attack. No big deal, as the hackers found out: I can bring the Web site up faster than they can take it down, so they turned to attacking my Internet connection. That has been an off-and-on thing and a major impediment to my getting more certifications, as some of the mandatory training is on the Web.
I resolved the majority of the 2nd type of Web attacks by writing a script in Cisco IOS for a Cisco 860/880 firewall (OK, security device for you Cisco sticklers). The consumer routers weren't even seeing the hackers as they blew past those appliances. (Those other routers had been marketed as firewalls and were by no means inexpensive.) The script continues to mature as I understand more about the nature of the problem. That router (along with a Windows script) has afforded me the possibility of getting back on the Web without some hacker taking my computers or network apart. (I muse as to who actually employs these hacker people, who are obviously computer people, and sees fit to allow them behind their company's firewall....)
One of the most recent attacks seems to be a Denial of Service Attack. According to Carnegie Mellon University's Computer Emergency Response Team (CERT -- now part of the Department of Homeland Security): "Unfortunately, there are no effective ways to prevent being the victim of a DoS or DDoS attack". It's a stand-off. I can't get data out or in past my Road Runner modem, and those out in Road-Runner-land can't get data in past my Cisco firewall. My solution for Denial of Service Attacks may be to simply take the Road Runner modem back to Time Warner and have them seek other customers who are willing to pay by the month for Internet access that only works intermittently.
[Images omitted: a "Typical connection" diagram and a "Denial of service" attack diagram. Thanks to news.cnet.com/2100-1017-236728.html for the images.]
You don't want your only Internet service provider to be Road Runner, as I recently found out. Apparently someone used a Man-in-the-Middle ARP attack to access some of my email accounts, change the password, and delete offers from potential employers. (I have to wonder how many they deleted before an employer finally called to see if I had received their email.)
I have found ARP protection software for Linux / Unix (Slackware, in my case) to protect against Man-in-the-Middle attacks, but haven't tested any for Windows so far. More about ARP and DDoS attacks later.