Wireshark Network Security

By: Piyush Verma

Analyzing attacks on e-mail communications


E-mail communications can be tampered with to send spam messages and fake e-mails from important mail accounts, and even the recent Shellshock vulnerability can be exploited.

The users on an SMTP server can be enumerated by using the EXPN, VRFY, or RCPT commands. This can be achieved either manually by simply connecting to the SMTP server over port 25 and running the respective commands as shown in the following screenshot, or automatically via tools such as Nmap and Metasploit, which are discussed further in this section.

Manual SMTP enumeration using VRFY command

Detecting SMTP enumeration

To detect any SMTP enumeration attempts, we need to look for the following indications:

  • A lot of VRFY or EXPN commands in the trace file

  • Packets containing MAIL and RCPT commands with very few or no DATA commands

  • A significant number of packets containing the SMTP response code 550

  • A bunch of RSET commands
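
The four indicators above can be checked per client once the SMTP commands and replies have been extracted from the trace file. The following Python script is an added example, not code from the book; the `(direction, client_ip, line)` event format, the threshold values, and the sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Thresholds are illustrative assumptions; tune them to the server's baseline.
MAX_VRFY_EXPN, MAX_550, MAX_RSET, MIN_RCPT, RCPT_PER_DATA = 3, 3, 3, 4, 5

def count_smtp(events):
    """Tally SMTP verbs ("C" lines) and reply codes ("S" lines) per client IP."""
    stats = defaultdict(Counter)
    for direction, client, line in events:
        token = (line.split() or [""])[0].upper()
        if direction == "C":
            stats[client][token] += 1
        elif len(token) >= 3 and token[:3].isdigit():
            stats[client]["reply_" + token[:3]] += 1
    return stats

def find_enumeration(events):
    """Return {client_ip: [matched indicators]} for suspicious clients."""
    findings = {}
    for client, c in count_smtp(events).items():
        reasons = []
        if c["VRFY"] + c["EXPN"] > MAX_VRFY_EXPN:
            reasons.append("many VRFY/EXPN")
        if c["RCPT"] >= MIN_RCPT and c["RCPT"] > RCPT_PER_DATA * c["DATA"]:
            reasons.append("MAIL/RCPT with few or no DATA")
        if c["reply_550"] > MAX_550:
            reasons.append("many 550 replies")
        if c["RSET"] > MAX_RSET:
            reasons.append("many RSET")
        if reasons:
            findings[client] = reasons
    return findings

# Constructed sample events (not from a real capture).
SAMPLE = (
    [("C", "10.0.0.66", f"VRFY {u}") for u in ("root", "admin", "test", "www", "ftp")]
    + [("S", "10.0.0.66", "550 5.1.1 User unknown")] * 4
    + [("C", "10.0.0.77", "MAIL FROM:<a@example.com>")]
    + [("C", "10.0.0.77", f"RCPT TO:<u{i}@example.com>") for i in range(6)]
    + [("S", "10.0.0.77", "550 5.1.1 User unknown")] * 5
    + [("C", "10.0.0.77", "RSET")] * 4
    + [("C", "10.0.0.10", l) for l in ("EHLO pc", "MAIL FROM:<b@example.com>",
                                        "RCPT TO:<c@example.com>", "DATA", "QUIT")]
    + [("S", "10.0.0.10", l) for l in ("250 OK", "250 OK", "250 OK", "354 Go", "221 Bye")]
)

if __name__ == "__main__":
    for ip, why in find_enumeration(SAMPLE).items():
        print(ip, "->", ", ".join(why))
```

The ordinary delivery from 10.0.0.10 (one RCPT followed by DATA) matches none of the indicators, while the two other clients are reported with the indicators they triggered.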

Using auxiliary module in Metasploit

Metasploit contains an auxiliary...