Attack Over Email System: Review
Total Page:16
File Type:pdf, Size:1020Kb
International Journal of Scientific Research & Engineering Trends Volume 3, Issue 5, Sept.-2017, ISSN (Online): 2395-566X Attack over Email System: Review Anuradha Kumari Nitin Agrawal Umesh Lilhore Computer Science & Engineering Computer Science & Engineering Computer Science & Engineering NRI Institute of Information Science & NRI Institute of Information Science & NRI Institute of Information Science & Technology, Bhopal, India Technology, Bhopal, India Technology, Bhopal, India Email: [email protected] Email: [email protected] Email: [email protected] Abstract – Email has become an integral part of our life. Email is reliable and authentic method for exchanging message. But Email systems are facing increasing security threats from local and distributed unethical elements. Keeping the email system secure is of supreme importance to every organization whether running its own emails system or using email services from internet service provider (ISP). Denial of service (DoS) attacks is more prevalent on email system. Various DoS attacks on email system are Chain bombs, error message bombs. Zip bombs and mass mailing bombs. In this paper email architecture and their security issue is discuss and explain their vulnerability with counter measure . Keywords – Email, Web Mining, Dos Attack, Email Bombing, Mass Mailing. I. INTRODUCTION flood the mail server so that mail server becomes occupied or is unserviceable [3]. Mass e-mail attacks also used to Web technology is used to implement the “Web or fake the identity of the intruder, degrade the accessibility www” portion of Web Services. Web servers and web of communications systems, damage the integrity of browsers are communicating client-server computer institution, or secretly share out illegitimate material. programs for distributing documents and information, generally called web data, over the Internet. Web data are II. ARCHITECTURE OF EMAIL SYSTEM marked up in the HTML language for presentation and interaction with people in web browsers. Each web server The first uniform architecture for email defined an email uses an IP address or domain name as well as a port system into user world and transfer world as shown in the number for its identification [6]. People use web browsers figure 1. User world is defined as Mail User Agents to send data requests to web servers with the HTTP (MUA), and the transfer world, as Mail Handling Service protocol, and the web servers running on server computers (MHS) [8]. Mail Handling Service is composed of Mail either retrieve the requested data from local disks or Transfer Agents (MTAs). The MHS accepts an email from generate the data on-the-fly, mark up the data in HTML, one sender and delivers email to other users. MHS and send the resulting HTML files back to the web predefine a virtual MUA-to-MUA exchange environment browsers to render. Apache, Tomcat and IIS are popular [8]. Sender-to-receiver Internet Mail exchange is web server programs, and IE and Firefox are popular web performed by using a uniform infrastructure. Mail browsers. exchange system has four components namely Email Email is one of the most common applications used Object, Global Addressing, Point-to-Point Transfer daily by millions of people world-wide. Email is Mechanisms, No requirement for Author, Originator, or transmitted over internet by email transmission Protocol Recipients to be online at the same time. such as Simple Mail Transport Protocol (SMTP) or Secure/Multipurpose Internet Mail Extensions (MIME). SMTP according to [1] defines the message format and SMTP server (mail transfer agent) stores and routes message throughout the internet. Mail Transfer Agents (MTA) uses the Simple Mail Transfer Protocol (SMTP) for relaying emails. MTA is commonly a target of planned or unplanned DoS attacks. A few emails may totally load an email server resulting in a Denial of Service (DoS) condition. In SMTP DoS the delivery procedure is harmed so much that the legitimate e-mails are affected with a non-tolerable delay [2]. Email bombing is one form of SMTP denial of service attack that floods an inbox and mail server with messages. The email bomb may also damage in the form of loss of internet connectivity and many more [3]. These cases may result in more serious problems especially if one is using internet connection for Fig.Ошибка! Текст указанного стиля в документе business purposes. E-mail bombs have one key objective: отсутствует.. Architecture of Network Email © 2017 IJSRET 200 International Journal of Scientific Research & Engineering Trends Volume 3, Issue 5, Sept.-2017, ISSN (Online): 2395-566X Mail Handling Service (MHS) The Mail Handling Service (MHS) as shown in the figure 2 accomplish a sender-to-receiver transfer of mail. Transfers of email are performed using one or more Relays. Email services in organization typically have only one Relay [8]. Relay TheRelay accomplishes routing of email from sender to receiver, by transmitting or retransmitting the email as shown in figure 1-3. The Relay appends routing information [RFC2505]. Relay does not alter the message content or information on message envelop. Relay may alter message content type, like binary to text as per the suitability of the next node in the MHS [8]. Fig.3. Main Components of Email System In addition to main components shown in figure above, a few notification and filtering components are present in Internet mail architecture: Delivery Status Notification (DSN) A Delivery Status Notification (DSN) is a notification message. DSN may be generated by the MHS components like MSA, MTA, or MDA. MDA and MTA are sources of DSNs and S-MSA is its recipient. DSNs provide notification about message transfer, such as errors in email transfer or successful delivery [8]. Message Disposition Notification (MDN) A Message Disposition Notification (MDN) is a notification. MDN gives information related to post- delivery processing, such as representing that the email Fig.2. Email Architecture with Relay has been displayed. MDN may be originated by an R- MUA and is received to the S-MUA [8]. The Internet Mail architecture composed of six basic Message Filter (MF): types of components as shown in the figure 1-4; all Message Filter is a scripting language to state conditions components are needed to perform a store-and-forward for handling of mail, typically at the time of delivery. operation of email [8]. Scripts may be used in a variety of ways, as a MIME part. Message filter script operates from the R-MUA to the 1. Message MDA. However, message filtering is done at many points 2. Mail User Agent (MUA) along the transfer path [8]. a. Sender’s Mail User Agent (S-MUA) Message Data b. Receiver’s Mail User Agent (R-MUA) The purpose of the Mail Handling Service (MHS) is to send the message from its originator to its recipients. A 3. Message Submission Agent (MSA) message is composed of a route-information envelope and a. Sender’s Message Submission Agent (S-MSA) the message content. The envelope contains details used b. MHS’s Message Submission Agent (H-MSA) by the MHS. The message content is parted into a header 4. Message Transfer Agent (MTA) part and the body part. The header part comprises route 5. Message Delivery Agent (MDA) information and body part comprises sender’s message a. MHS’s Message Delivery Agent (MDA) contents. The body may be lines of text or attachments [8]. b. Receiver’s Message Delivery Agent (R-MDA) Mail User Agent (MUA) The Sender’s MUA (S-MUA) generates a message and 6. Message Store (MS) performs submission of message into the Mail handling a. Sender’s Message Store (S-MS) service through a Mail Submission Agent (MSA). S-MSA b. Receiver’s Message Store (R-MS) may arrange messages in many ways. The common way of arranging messages is in "folders". Folder method creates a folder for messages under development known as Drafts. © 2017 IJSRET 201 International Journal of Scientific Research & Engineering Trends Volume 3, Issue 5, Sept.-2017, ISSN (Online): 2395-566X Draft is a folder for Queued or Unsent messages waiting to transfer method. Transfer from an MDA to an MS is done be sent. Messages that have been posted are kept under through an access protocol, like as POP or IMAP. Sent folder [8]. The Recipient MUA (R-MUA) works on Gateways Recipient’s side to receive and process email. Processing A Gateway does the basic transfer and routing work of at receiver side includes generating user-level control email relay. Gateway is allowed to alter address, content, messages, displaying the received message, replies and structure, or other attributes. Modifications are needed to forwarding new messages. send the email into a messaging environment under Message Store (MS) different internet standards or mismatched policies. The An MUA make use of a Message Store (MS). MS may critical difference between a Gateway and an MTA is that be on a server or on the local machine as the MUA. An former may make essential changes to a message required MS gets email from an MDA either from a local method to transfer the message [8]. or by means of POP or IMAP [6]. Mail Submission Agent (MSA) III. VULNERABILITIES IN EMAIL SYSTEM Mail Submission Agent (MSA) uses SMTP and TCP for submitting mail to Mail Handling Service (MHS). MSA Vulnerability is a weakness or flaw in the system. imposes different requirements, such as access permission. Vulnerability allows an attacker to reduce a system's A Mail Submission Agent (MSA) gets the emails security. Vulnerability is the combination of three things: a submitted by the S-MUA and make mail to adhere to the system has flaw, attacker access to the flaw, and attacker Internet standards. MSA is divided into two has ability to exploit the flaw. In order to launch an attack subcomponents, S-MSA and H-MSA, respectively [8].S- on a mail service, the attacker will need to select and focus MSA appends header fields, such as Message-ID and Date on a section of the mail flow to exploit.