Joe Job and SPF

First off, get your mind out of the gutter. A joe job has absolutely nothing to do with what you’re thinking about. It’s email related and it can be a pain in the ass to deal with.

What is a Joe Job?
Joe Job is the term used to describe the act of forging bulk email so that it appears to the recipient to come from the victim. Generally speaking, the term is used to describe an attack of this nature: a spambot or botnet sends a massive amount of email forged to appear to come from the victim. The name was coined after an attack launched against http://www.joes.com/ in January of 1997. The perpetrator (SPAMMER) sent a flood of emails from spoofed addresses in a (successful) attempt to enrage the recipients into taking action against the company.

Why do I care?
There are many reasons, but I will just cover a few until you get the picture. The main victim of a SPAM attack of this nature ends up with an INBOX full of junk. This junk can potentially include malware, viruses, and any number of phishing or scam based attacks. Also, since so much email is traversing the connection, the bandwidth gets sucked up and, depending on the actual amount of SPAM coming in, the connection could be rendered unusable until all the mail has been filtered through. The problem is that when there are thousands of messages, that could take days or even weeks. Since the originating address is spoofed, recipients who don’t know better are going to get very upset with who they *believe* to be responsible for sending the email. The last item I am going to touch on is that the person whose email address was spoofed now has to deal with all the auto-responses and whatever else may automatically come their way. (I think you get the idea.)

What can I do?
There is nothing you can do to completely avoid it short of not using the internet or email, but there are some steps you can take. One of the first is to take a look at SPF (Sender Policy Framework). To set this up in DNS, you need to do the following:

In your DNS zone file for server.com, you should add something like the following:

server.com.  IN TXT    "v=spf1 a mx -all"
  • v – The version of SPF to use
  • a mx – The DNS records (the domain’s A and MX hosts) permitted to send messages for server.com
  • -all – Reject everything else that does not match a or mx

This can also get more in depth depending on the number of email accounts you have and where they are. For instance, let’s say your mail server’s name is mail.server.com and you also have email accounts on gmail (gmail.com) and at your work (myjob.com). Your line would look something like the following:

server.com.   IN   TXT   "v=spf1 mx a:mail.server.com include:gmail.com include:myjob.com -all"

The a:mail.server.com mechanism is saying that the host mail.server.com (the address in its A record) is authorized to send mail for server.com. The include statements are basically saying that everything considered legitimate by either gmail.com or myjob.com should also be considered legitimate by you.
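As an added example (not from the original post), here is a small Python evaluator for the record above, run against constructed DNS data in place of real lookups; the zone contents, MX host and IP addresses are assumptions. It shows why mail from your own mail host, from Gmail or from work passes, while a Joe-jobbed message sent from any other address reaches -all and fails.

```python
import ipaddress

# Constructed DNS data standing in for real lookups (assumed zones, not real records).
# server.com carries the record from the post; gmail.com and myjob.com get made-up policies.
DNS = {
    "server.com": {
        "TXT": "v=spf1 mx a:mail.server.com include:gmail.com include:myjob.com -all",
        "MX": ["mail.server.com"],
        "A": ["198.51.100.10"],
    },
    "mail.server.com": {"A": ["198.51.100.25"]},
    "gmail.com": {"TXT": "v=spf1 ip4:203.0.113.0/24 -all"},
    "myjob.com": {"TXT": "v=spf1 a -all", "A": ["192.0.2.5"]},
}

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    return DNS.get(name, {}).get(rtype)

def check_host(ip, domain):
    """Evaluate domain's spf1 record for the sending address ip.
    Handles a, mx, ip4, include and all (a subset of RFC 7208; unknown mechanisms are skipped)."""
    record = lookup(domain, "TXT")
    if not record or record.split()[0] != "v=spf1":
        return "none"                       # no policy published: the receiver cannot judge
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in RESULT:               # optional qualifier prefix such as the '-' in -all
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":                   # A record of arg (or of the domain itself)
            matched = ip in (lookup(arg or domain, "A") or [])
        elif mech == "mx":                  # A records of each of the domain's MX hosts
            matched = any(ip in (lookup(mx, "A") or []) for mx in (lookup(arg or domain, "MX") or []))
        elif mech == "include":             # matches only if the other domain's policy passes
            matched = check_host(ip, arg) == "pass"
        else:
            continue
        if matched:
            return RESULT[qual]
    return "neutral"                        # record exhausted without a match
```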

There is a lot more to configuring SPF. The documentation should be read thoroughly, as an improperly configured SPF record can prevent legitimate email from flowing. For more information on SPF and configuring it, check out:

SPF is just one method that can be used to fight against being the victim of a Joe job. You should always be using some method of SPAM filtering in addition to SPF. Layered security needs to be the approach when locking down any type of server or service.

File::ReadBackwards

Description: File::ReadBackwards works similarly to the Linux shell command tac. It reads the file line by line starting from the end of the file.

CPAN: File::ReadBackwards

Example 1:
Being a Systems Administrator, I am usually doing some analysis on a large logfile, and I may not need all the information contained in it. This is especially true if the logs only get rotated once a day or once a week. Using File::ReadBackwards in combination with a date and time calculation module, I can take only the span of time I want from the logs and then stop processing there. Since we aren’t covering the date calculations here, I will push those out to another subroutine that we will assume works.

# Always use these
use strict;
use warnings;

# Use the module itself
use File::ReadBackwards;

# Define the log file to be read
my $log = "/var/log/log_file";

# Open the logfile by tie'ing it to the module
tie *LOG, "File::ReadBackwards", $log
   or die ("$log tie error: $!");

# Iterate over the logfile, newest line first
while (my $line = <LOG>) {

  # Split the log line on whitespace
  my @entry = split(/\s+/, $line);

  # Take the timestamp and check if we
  #   have hit our threshold yet
  # Break loop if we have
  last if (time_reached($entry[0]) == 1);
}

# Cleanup
untie (*LOG);

# The date calculation is out of scope here; this placeholder
#   stands in for the real check and keeps the script runnable
sub time_reached {
  my ($timestamp) = @_;
  return 0;   # replace with a comparison against your cutoff
}
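As an added example (not from the original post, and in Python rather than Perl), here is the same backward walk with the deferred date check filled in: read_backwards re-implements the tac-style block reading that File::ReadBackwards performs, and recent_entries stops at the first entry older than the window. The log format, the entries and the "now" timestamp are constructed for the demo.

```python
import os
import tempfile
from datetime import datetime, timedelta

def read_backwards(path, block_size=4096):
    """Yield lines last-to-first by reading blocks from the file's end (as tac / File::ReadBackwards do)."""
    with open(path, "rb") as fh:
        fh.seek(0, os.SEEK_END)
        pos = fh.tell()
        tail = b""                      # partial line carried over from the previous block
        while pos > 0:
            step = min(block_size, pos)
            pos -= step
            fh.seek(pos)
            lines = (fh.read(step) + tail).split(b"\n")
            tail = lines.pop(0)         # may be cut by the block boundary; finish it next round
            for line in reversed(lines):
                if line:                # blank lines are skipped
                    yield line.decode()
        if tail:
            yield tail.decode()

def time_reached(stamp, cutoff):
    """The check the Perl example defers: is this entry older than the window we want?"""
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S") < cutoff

def recent_entries(path, newest, window, block_size=4096):
    """Walk the log from its end, keeping entries until the first one older than newest - window."""
    cutoff = newest - window
    kept = []
    for line in read_backwards(path, block_size):
        if time_reached(line[:19], cutoff):   # constructed layout: "YYYY-MM-DD HH:MM:SS message"
            break                             # every line before this one is older still
        kept.append(line)
    return kept

SAMPLE_LOG = (   # constructed sample, in chronological order as a daemon writes it
    "2007-03-12 10:15:00 sshd[2101]: Accepted publickey for alice from 192.0.2.10\n"
    "2007-03-12 11:05:00 sshd[2144]: Failed password for root from 198.51.100.7\n"
    "2007-03-12 11:59:00 sshd[2203]: Accepted publickey for bob from 192.0.2.11\n"
)

def demo(window_hours=1, block_size=16):
    newest = datetime(2007, 3, 12, 12, 0, 0)      # pretend "now"; a small block_size splits lines across blocks
    with tempfile.NamedTemporaryFile("w", suffix=".log", delete=False) as f:
        f.write(SAMPLE_LOG)
    try:
        return recent_entries(f.name, newest, timedelta(hours=window_hours), block_size)
    finally:
        os.unlink(f.name)
```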

Building Telephony Systems With Asterisk

Date: 12 Mar 2007
The next generation in telephony, in combination with FOSS (Free and Open Source Software), is Asterisk. With the Open Source community revolutionizing telephony, Asterisk is forging the way ahead. If you don’t know what Asterisk is, then you are going to be left behind.

Vitals:
Title: Building Telephony Systems With Asterisk
Author: David Gomillion & Barrie Dempster
Pages: 176
ISBN: 1904811159
Publisher: Packt Publishing
Edition: 1st Edition
Purchase: Amazon

Audience:
If you are looking for a way to save money on a phone system, or for how to deploy Asterisk in either a business or a personal environment, then this is the book for you. Even if you are just looking to find out more about VoIP, voicemail systems, or the foundations of how telephony works, then this is a must read. If you have an existing Asterisk system and are looking for ways to tweak it or make it more efficient, then you need this book to take you through the first steps. This book caters more to those with less experience with Asterisk.

Summary:
As with any introduction to a new system, the most vital questions are: What is it? and Is it for me? The authors of this book discuss the background of what Asterisk is in great detail in the first chapter. Then they answer the second question by discussing both the pros and the cons from many perspectives. Assuming that you have decided that Asterisk is the solution for you (based on the information in chapter 1), it’s time to look into deploying it. First it is necessary to take stock of what you have to work with and what your capabilities are. The authors discuss the various telephony capabilities, ranging from POTS, Ts (and frame relay), and ISDN for the medium, and then move on to SIP, IAX, H.323, and others for the software protocols. The last part of the planning stage is determining what you need and how to make it scalable. Given various scenarios of initial stages and growth, the authors begin alluding to dial plans, extensions, and some of the other aspects that make Asterisk so versatile.

Chapter 3 starts right from the basic installation of Asterisk and familiarization with the configuration files. So as not to waste too much time on building programs from source, the authors move right into the actual configuration. This is one of the places where the book excels. Since Asterisk is a very configurable program, it has many configuration files and configuration items. The authors take the time to go through, at least basically, each one of the major configuration files. First they start with zaptel.conf and zapata.conf for the hardware. Then it’s time to move on to the software configuration, where we configure sip.conf and iax.conf. Now it’s on to one of the most important aspects of our Asterisk configuration, voicemail.conf. The chapter is then finished up with some of the more interesting aspects of Asterisk like queues, conference rooms, and music on hold.

Now that the Asterisk base has been installed, the authors walk you through configuring the dialplan. This is where Asterisk’s power really shows through. There are many advanced features covered here like call parking, direct inward dialing, automated attendants, and other advanced call distribution mechanisms. The authors then discuss different methods of logging (CDR – Call Detail Records). Also covered is the ability to record and monitor calls (with a note on the legal issues).

Since one of the best features of Asterisk is versatility, the authors next turn to Asterisk @Home, which is deceiving by name. Housed on CentOS Linux, Asterisk @Home provides a more graphical and user friendly configuration mechanism called AMP, the Asterisk Management Portal. This chapter covers the way to configure Asterisk @Home through AMP and how each configuration aspect maps to the concepts covered in Chapter 4. They even show integration of Asterisk with SugarCRM, a widely used FOSS customer relationship management package.

The authors now come to my favorite way of teaching, real life application. They use multiple case studies, as is a staple of Packt Publishing authors. There are explanations of a SOHO (Small Office/Home Office) setup, a small business setup, and a hosted PBX setup. The book is then rounded out by explanations of maintenance, backup (and restore), and security. Many of the topics discussed with regard to security are general security topics such as host based security, rule based access control, and firewalling. The final notes discuss scalability and various support mechanisms for Asterisk.

Opinion:
Although I found this book slightly difficult to get through, it was jam-packed with information. I was especially impressed with the way in which the authors covered the configuration files and the way in which they were explained. As always, I thoroughly enjoy the case studies and real life examples that are provided by the authors.

The one item which I feel wasn’t well covered in this book is call quality. It is generally well known that call quality with VoIP has a tendency to be a problem. Since Asterisk is a transport medium with the flexibility for many configuration tweaks, I think there should have been more discussion about call quality and its enhancement.

Overall, I found this book to be extremely helpful, although dry at times. There is a lot of material to be conveyed and the authors did their best under the circumstances. This book is an excellent starting point for anyone who needs to bring Asterisk into their world and needs to start from square one.

File::Bidirectional

Description: The author of this module notes that it is best used, especially by him, when reading or manipulating log files. I have a tendency to use it for the exact same thing, especially when looking for context around captured lines.

CPAN: File::Bidirectional

Note:
Although I would like to note that using the tied interface as I have done takes approximately 2 1/2 times as long as a regular file read according to benchmarks, it is still a very handy tool and allows one not to reinvent the wheel.

Example 1:
Here we are going to go through a log file and, when we hit the time stamp we want, change direction and go back through. There is no real reason to change direction here; I am merely demonstrating how it would be accomplished.

# Always use these
use strict;
use warnings;

# Use the module itself
use File::Bidirectional;

# Define the log file to be read
my $log = "/var/log/log_file";

# Remember the line number at which we turned around
my $line_num;

# Open the logfile by tie'ing it to the module
#  This is exactly the same as File::ReadBackwards,
#  except that the starting direction is given as an option
tie *LOG, "File::Bidirectional", $log, {mode => 'backward'}
   or die ("$log tie error: $!");

# Iterate over the logfile
while (my $line = <LOG>) {

  # Split the log line on whitespace
  my @entry = split(/\s+/, $line);

  # Take the timestamp and check if we
  #   have hit our threshold yet
  # Get the line # then change direction
  if (time_reached($entry[0]) == 1) {
    $line_num = (tied *LOG)->line_num();
    (tied *LOG)->switch();
  }
}

# Cleanup
untie (*LOG);

# The date calculation is out of scope here; this placeholder
#   stands in for the real check and keeps the script runnable
sub time_reached {
  my ($timestamp) = @_;
  return 0;   # replace with a comparison against your cutoff
}