Monthly Archives: December 2017

Spam … not that stuff in a can

We all get email we don’t want. That email from your teacher telling you your assignment is late? Unwanted! Spam is email that is unwanted and is sent to multiple people.

Spam spam spam spam


The name came from the British Comedy group Monty Python. They had a song that talked about the meat in a can called spam and repeated the word an awful lot. The people who dealt with this in the early days of the Internet were fond of the song and the name just stuck. It’s spam.

It’s annoying and it can be dangerous. Spam can deliver malware to your system, and isn’t that just too rude for words? There are two ways it can do it. One is to have an attachment and hope that you download it. If you download it, there’s a good chance you might get malware from it.

The other way is to hope you click on a link in the email. If you do that, you’ll probably download malware.

Either way, they want you to install malware on your system so that they can use your system for their own means.

So now comes the hard part, how do you recognize spam? Well, there are programs that do that for you. Most places that provide email have these in place, because they don’t like spam either. Gmail has one that puts all spam email into a quarantine area to keep it separate from your safe email.

Spam Quarantine


It only keeps spam email around for 30 days before deleting it. That’s because these programs aren’t perfect. They do their best to tell spam from not spam, but they make mistakes.

We know spam contains URLs for you to click on, but what if your friend sends you a link to an Imgur photo album for you to check out? Then the spam program could send your friend’s email to the quarantine area.

On the other hand, sometimes spam doesn’t get sent into the quarantine area. If you get an email with a random link on it, don’t click! If you’re not sure that the original sender sent you that, call (or text) and ask! Same for attachments. It’s better to be safe than infected.

Viruses!

A virus is that nasty little organism that can give you the cold or the flu, or any number of other diseases. It’s a horrendous little critter that makes you feel awful. Good thing that there are vaccines for many of these viruses, right? I don’t want to get the flu every winter.

Viruses are not fun


Computer viruses are similar. They’re nasty little programs that can make your computer do things you don’t want it to do. They can search for information on your computer, make your computer send spam, make your computer be part of a DDOS, all sorts of things you don’t want your computer to do. In other words, viruses are bad.

Computer viruses


That’s true for both people and computers, even though the two kinds of virus are different things. You can’t get a cold and give it to your computer and if your computer gets a virus, it won’t give it to you, I promise.

On the other hand, your computer can have a virus and you’ll never know. It’d be doing things you don’t want it to, and without a monitoring program, your computer will happily keep being bad. That’s why antivirus programs are good for your computer.

A vaccine will stop one virus (and maybe some mutations of it). Antivirus programs try to stop all kinds of bad software, not just one kind. Without antivirus software, your computer could get that virus and did I mention how you might never know? Some computer viruses are really bad and try to make your computer useless, but most just try to make your computer do things that the bad guys want it to do.

Computer viruses are also known as malware, which is short for malicious software. In fact, that’s the most common name for computer viruses. They’re used by bad guys to make money and we’ll talk more about the different ways they do that.

DDOS

There’s lots of bad stuff on the Internet these days. In this post and the next few, I’m going to talk about some of the kinds of bad stuff and what you can do to protect yourself. The first one we’re going to talk about is a Distributed Denial of Service, or DDOS. It’s mainly called DDOS so we don’t have to type out Distributed Denial of Service every time (I admit, I copied and pasted that second one so I didn’t have to type it the second time).

A DDOS is where the attacker tries to overwhelm the target with so much traffic that they can’t do anything. Imagine your connection to the Internet as a pipe.

The Internet as a Pipe


The pipe flows both ways. It lets you send traffic to the Internet (like sending an email) or receive traffic (like reading https://computerlamp.net/). A DDOS attack fills that pipe up by sending you so much traffic you can’t do anything. You can’t send packets out, nor can you surf the web. You’re basically knocked off the net.

When a company is DDOS’d, they can lose money. For example, if I sell computer lamps on my website and someone DDOS’s it, I can’t take any more orders. I’m losing money because of this attack.

We’ve talked about how a DDOS can stop your service from working, but where does the word distributed come in? In the old days, a massive amount of traffic would come to your computer from one IP address. It turns out, firewalls stop that attack really well.

The bad guys had to find a new way to attack and they did it by sending the traffic from many IP addresses. Blocking one IP address is easy, blocking 10,000 is not so easy. Especially when they change during the attack.
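To see why the distributed version is harder to block, here is an added example (not from the original post) that counts requests per source address. The function names, the limit of 100 and the sample traffic are made up for illustration; the addresses come from ranges reserved for documentation.

```shell
#!/bin/sh
# classify_traffic LIMIT: reads one source IP per request on stdin and prints
#   "<verdict> total=<n> sources=<n> busiest=<n>"
# single-source: one address alone is over the limit (one block rule fixes it)
# distributed:   the total is over the limit but no single address is
classify_traffic() {
    awk -v limit="$1" '
        NF { count[$1]++; total++ }
        END {
            for (ip in count) {
                sources++
                if (count[ip] > busiest) busiest = count[ip]
            }
            if (busiest > limit)    verdict = "single-source"
            else if (total > limit) verdict = "distributed"
            else                    verdict = "normal"
            printf "%s total=%d sources=%d busiest=%d\n",
                   verdict, total, sources, busiest
        }'
}

# Constructed traffic: one address sending 500 requests ...
one_source() {
    i=0
    while [ "$i" -lt 500 ]; do
        echo 192.0.2.10
        i=$((i + 1))
    done
}

# ... and the same 500 requests spread over 250 addresses, 2 each.
many_sources() {
    i=1
    while [ "$i" -le 250 ]; do
        echo "198.51.100.$i"
        echo "198.51.100.$i"
        i=$((i + 1))
    done
}

one_source   | classify_traffic 100
many_sources | classify_traffic 100
```

Both runs carry the same total traffic, but in the second one no single address stands out, so there is no one address whose block rule would stop it.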

What do you do if you’re the victim of a DDOS attack? Well, if it’s just your home computer, you can probably wait it out. Or if you’re using DHCP, you can change your IP address and hope they don’t find you. If that doesn’t help, contact your ISP.

iptables

Last post we talked about firewalls and what they mean. I did a lot of talking about what the firewall should do, not how to do it. I also said the program that Linux uses is called iptables.

This time, we’ll talk about how to configure firewalls. Now, these are commands that can only be run as root, not as computerlamp or yourself. This is an informative post, not one you should run out and try. If you really, really need firewall rules, then I suggest you Google for a more definitive list.

A firewall rule doesn’t exist by itself, it’s part of a collection. iptables calls these chains.

So, iptables has lots of flags. Lots and lots of flags. These are just a few:

Short flag   Long flag         What is it?
-p           --protocol        The protocol
-s           --source          Where’s this coming from?
-d           --destination     Where’s this going to?
-i           --in-interface    What interface is it coming in on?
-o           --out-interface   What interface is it going out to?
-j           --jump            What do I do with it?
-A           --append          Add the rule to the listed chain

The loopback (link) interface (lo) is the one where the computer talks to itself. The computer wants to talk to itself, so the command looks like:

iptables -A INPUT -i lo -j ACCEPT

That means add this rule to the INPUT chain. Now, for the loopback interface, accept all traffic coming in.

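iptables -A OUTPUT -o lo -j ACCEPT

Add this rule to the OUTPUT chain and accept all traffic going out on the loopback interface. Notice the -o here: the OUTPUT chain handles traffic that is leaving, so it matches on the out-interface, and iptables won’t let you use -i there.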

Now suppose my friend is being really annoying and is attempting to hack my computer. I know what IP address his computer has, so I want to stop him at my firewall. Then he can be annoying all he wants, and I’ll never know.

iptables -A INPUT -s 8.8.8.8 -j DROP

Drop all traffic from the source 8.8.8.8 and don’t forget, add this rule to the INPUT chain.

Now 8.8.8.8 is Google’s public DNS server, so I don’t necessarily want to drop all traffic from there. I just didn’t want to publish my friend’s IP address.

Read the man page for iptables and you’ll see there are all sorts of flags I didn’t mention. Remember, this isn’t for you to run out and try to change the firewall on your Linux system, it’s just to talk about what you could do.
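Here is the loopback and DROP rules from above put together as one ruleset, as an added example that is not part of the original post. It goes a little further than the post by writing the rules in the file format that iptables-restore reads and by checking every address before it becomes a rule; the function names and the blocklist are made up, and the addresses are from documentation ranges.

```shell
#!/bin/sh
# Added example: turn a blocklist into an iptables-restore ruleset,
# validating each entry before it becomes a rule.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Reads one source address per line on stdin and prints the ruleset.
# Order matters: a chain is checked top to bottom and the first match wins.
build_ruleset() {
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'    # loopback in: -i
    echo '-A OUTPUT -o lo -j ACCEPT'   # loopback out: -o (OUTPUT has no -i)
    while IFS= read -r addr || [ -n "$addr" ]; do
        case "$addr" in ''|'#'*) continue ;; esac
        if is_ipv4 "$addr"; then
            echo "-A INPUT -s $addr -j DROP"
        else
            echo "skipped invalid entry: $addr" >&2
        fi
    done
    echo 'COMMIT'
}

# Constructed sample blocklist (documentation address ranges, not real hosts).
SAMPLE_BLOCKLIST='# annoying friends
192.0.2.10
198.51.100.7
203.0.113.999
not-an-address'

printf '%s\n' "$SAMPLE_BLOCKLIST" | build_ruleset
# As root, check the syntax without applying anything:
#   printf '%s\n' "$SAMPLE_BLOCKLIST" | build_ruleset | iptables-restore --test
```

Run as a normal user, this only prints text; nothing on the firewall changes unless root feeds the output to iptables-restore without --test.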