Internet


In 1999 I wrote a series of Border Gateway Protocol tutorials including a tutorial on autonomous system numbers. Since then AS numbers have been changed from 16-bit to 32-bit numbers to avoid running out of identifiers for BGP sessions. I have updated theAS numbers tutorial with a table that outlines what each range of autonomous system numbers are used for.

Dear InetDaemon,

Web Technologies by Jeffery Jackson says HTTP stands for Hypertext Transport Protocol, but your site says it is HyperText Transfer Protocol.  Which is it?

Thanks!

Hypertext Transfer, or Hypertext Transport, which is it?

(Jump straight to The Fix)

The Reader’s Question:

Dear InetDaemon,

Why do I get a “503 Valid RCPT command must precede DATA” message when I send to some people?

Thanks!

The Error Message

This mail message is sent to you automatically by the mail server.  It most often happens when you are sending to someone who doesn’t use the same mail provider you use.  The mail server will automatically send you this notification when you have not configured Outlook to send your login information to the server before sending e-mail.  The body of the notification email will have a message that looks something like this:

FROM:  System Administrator
TO:    InetDaemon
Subject:   Undeliverable:  Test Message

Your message did not reach some or all of the intended recipients.
      Subject:    Test Message
      Sent: 6/2/2012 7:38 AM
The following recipient(s) cannot be reached:
      <[email protected]> on 6/2/2012 7:38 AM
             503 Valid RCPT command must precede DATA

Why It Happens

Responsible email providers will require you to configure Outlook to log in to their server before sending e-mail to restrict the ability to send mail from their servers to just their own customers.  This helps block spam by preventing anyone who doesn’t have a login from sending an e-mail from that server.  Your mail service provider requires that you verify your account information before downloading mail (via IMAP or POP3), and they also require it before sending mail via Simple Mail Transfer Protocol (SMTP).

Sending login information to the server before sending an e-mail is not a Microsoft Outlook default, so you get an error from your email provider’s mail server when sending to external providers.

The Geeky Bits

The mail server that actually sends your e-mails for you has been configured to use the SMTP AUTH extension as defined in RFC 2554.  When sending an e-mail, the mail user agent (Outlook) connects to the mail transfer agent (your provider’s mail server) and the server responds with the authentication types used by sending the client the SMTP verb “AUTH” and a list of methods.  The client selects an authentication method it supports and replies back with “AUTH <method>”.  If the server does not receive an AUTH from the client, it treats the client as an unknown sender and does whatever the server is programmed to do when an unknown sender sends mail (ignore the mail message, send a warning message to the client).

How to Fix It

How to fix “503 valid RCPT command must precede DATA”:
Continue reading

I’m paranoid about the web, and with good reason.

The #1 way hackers get into computers today is through your web browser from an infected website.  The battle for control of your computer has spread from e-mail and attachments. Another battlefront has opened up on your web browser.  A large number of big-name sites have been hacked recently and nobody is completely sure just what the hackers made off with.  Hackers use DNS spoofing to trick computers into coming to an infected website, so you can’t completely be sure that you ended up on the website you intended to visit. They also buy up common misspellings of big sites to catch anyone that makes a typo.

Hackers have been using SQL injection vulnerabilities to break into websites for years (it is in fact one of the primary ways hackers get into a server), and these vulnerabilities still go unpatched. Now they are infecting websites in order to set up complex computer/browser/plugin fingerprinting engines that detect vulnerable versions.  These engines deliver attacks custom-tailored to infect the visitor’s computer with slimy botware.  Take out the cookies, pop-ups, plugins and JavaScript and you’ve stripped your attack surface these engines can attack, down to just your web browser. But this makes browsing less user friendly and a lot more frustrating in the short term, and confusing for people who aren’t technical.

Of course, whenever someone starts talking about a really secure platform, the Mac fanboys jump right in to tell me how secure Apple MacOS is–never mind that the MacOS/Safari combo gets hacked every year (2007200820092010,2011)  during PWN2OWN at CANSECWEST.  Never mind that the hackers have now developed a crimeware kit for the Mac, which means Mac users will need to be on the lookout for a deluge of malware from now on.

With so much dangerous malware and so many threats, how do I stay secure online?

READ MORE: Browser inSecurity – How I Stay Protected Online