Phishing And Vishing

The animated TECHTip Tutorial is available here.

Phishing is a term applied to hackers who lure users into sending personal information via mail. Disguised as a bank, credit card, or other fraud alert, unsuspecting users provide their real credit information, which is then used for theft. Vishing is the phishing term being applied to VoIP where unsuspecting users are sent voice mails to call telephone number which appears to be a bank but is spoofed to a thief. The animated explanation explains how the process is easily done. Essentially, the Hacker simulates or “spoofs” a friendly IP address. Routers respond with LSAck [Link-State Acknowledgements]. LSA Database advertisements are sent to routers throughout the network. Routers Update their Route Tables. Router then change from Loading State to Full State and begin IP Datagram packet routing distributing SPIT or “phishing” email “vishing” calls to IP phones. Vishing for telephone telephones will occur in many ways such as the way a spambot operates. A spambot is a search engine program that searches the internet like search engines do. However, the function of the spambot is to return-retrieve email addresses found on most web sites, list-servs, user-groups and such as those found in Contacts/Info categories. In addition, Spambots can makeup/create email addresses from Web site information such as  webmaster at abc.com,  president at abc.com.

Spam works like this. An SMTP “open relay” email server is a server that allows any other server connects to it and relay-forward email. A properly configured (protected) email server will only allow authorized users (customers) to send email. The ISP [Internet Service Protocol] or online service that provides (hosts) email should guard against relay email. Anonymous re-emailers are open relay servers that strip out (remove) the email or IP [Internet Protocol] header info (address) and replace it with bogus (false) information to avoid trace backs (via trace route software).

Since this tutorial focuses on VoIP Security, please see other tutorials on IP Security or SS7. In VoIP security, there are two primary network issues - signaling path and media path. The signaling path comes from control of TCP [Transmission Control Protocol] issues explained next. Media Path control comes from protection of the conversation contained in IP packets. Spam or Spit hackers can attack either the signaling path or media path to add messages, redirect messages to other sites, or intercept and corrupt voice messages.

About TECHtionary
TECHtionary is the world’s first and largest animated library/magazine on technology - Web Hosting Magazine’s Editor’s Choice for Technical Help. TECHtionary produces white papers, magazine articles, in-depth product reviews, training tools, and custom animations. Call 303-594-3047 or e-mail  cross at gocross.com to let us show you how we can help you with exciting new tutorials on your products and services.

[tags]tcp,spam,smtp,vish,phish,lsack,link-state acknowledgement[/tags]