Frequently Asked Questions
I keep receiving pornographic emails via my UCL account. What can be done to stop this?
My system is under attack from a would-be intruder using your server. Please investigate this incident.
How can I keep my computer up-to-date so that it is protected against hackers?
I've received a complaint that I've been sending out e-mail infected with a virus. I don't think I have been. What should I do?
Q I keep receiving pornographic emails via my UCL account. What can be done to stop this?
A It is regrettable that you should be receiving this material, which can be distressing even when (as is most often the case) it is not targeted at a particular individual. Unfortunately, it's very difficult to prevent unsolicited e-mail from being delivered to recipients within UCL. Filtering on particular senders imposes considerable overhead on the already heavily loaded College mail hubs. Effectiveness of filtering on sender identity is also limited, because junk e-mail often contains forged addresses which are varied to circumvent such controls.
UKERNA, the authority that manages the UK academic computer network, recommends simply deleting such messages. This is most easily done by hand, but - depending on which mail client you run - you may be able to define rules to discard messages automatically, subject to the same limitations noted above.
For information about other types of unsolicited e-mail - including fraud letters - click here.
Q My system is under attack from a would-be intruder using your server. Please investigate this incident. Here is an excerpt from my personal firewall logs:
Date: 01/01/2001
Time: 1:11:11 PM
Transport: ICMP
From: 144.82.xxx.xxx (xxx.ucl.ac.uk)
Source Port: 0
To: xx.xx.xx.xx
Destination Port: 0 (icmp)
A Some of our systems are hosted on AIX platforms. It is possible that the activity you observed results from a 'normal' feature of the IBM protocol stack. When a connection is made to such systems, the host attempts to perform path MTU discovery, to optimise the connection parameters. ICMP echo ('ping') packets are used in this process, as per RFC1191. If you, or someone using the same IP address in a recent timeframe, browsed our web pages, this would result in several pings being sent to your machine.
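The check described in this answer (does the inbound ICMP from a UCL host follow shortly after a web connection you made to that same host?) can be run over your own firewall log rather than by eye. The following is an added example, not a UCL tool: it parses records laid out as in the excerpt above, then marks each inbound ICMP entry as a likely path MTU probe if the local machine opened a connection to port 80 or 443 on that host within the previous five minutes, and as unexplained otherwise. All log entries, addresses and host names in it are constructed for illustration; the window size and the port set are assumptions you can adjust.

```python
"""Classify inbound ICMP entries in a personal-firewall log.

Added example: correlates each inbound ICMP record with earlier outbound
web connections to the same host. Records, addresses and host names are
constructed; the field names follow the firewall excerpt in the FAQ.
"""
from datetime import datetime, timedelta

# Constructed sample log: blank-line separated records in the FAQ's layout.
SAMPLE_LOG = """\
Date: 01/01/2001
Time: 1:10:40 PM
Transport: TCP
From: 10.0.0.5 (my-pc.example)
Source Port: 3201
To: 144.82.0.10 (www-host.example)
Destination Port: 80 (http)

Date: 01/01/2001
Time: 1:11:11 PM
Transport: ICMP
From: 144.82.0.10 (www-host.example)
Source Port: 0
To: 10.0.0.5
Destination Port: 0 (icmp)

Date: 01/01/2001
Time: 3:05:00 PM
Transport: ICMP
From: 198.51.100.7 (unknown.example)
Source Port: 0
To: 10.0.0.5
Destination Port: 0 (icmp)
"""

WINDOW = timedelta(minutes=5)   # assumed correlation window
WEB_PORTS = {80, 443}           # assumed "browsed our web pages" ports


def parse_records(text):
    """Turn blank-line separated 'Key: value' records into dicts."""
    records = []
    for chunk in text.strip().split("\n\n"):
        rec = {}
        for line in chunk.splitlines():
            key, _, value = line.partition(":")   # split on the first colon only
            rec[key.strip()] = value.strip()
        # Keep the bare address; drop the "(hostname)" annotation if present.
        rec["from_ip"] = rec["From"].split()[0]
        rec["to_ip"] = rec["To"].split()[0]
        rec["when"] = datetime.strptime(rec["Date"] + " " + rec["Time"],
                                        "%m/%d/%Y %I:%M:%S %p")
        rec["dport"] = int(rec["Destination Port"].split()[0])
        records.append(rec)
    return records


def classify_icmp(records, local_ip, window=WINDOW):
    """Return (source_ip, verdict) for each ICMP record addressed to local_ip.

    A packet from host H is a 'likely PMTU probe' when the local machine opened
    a web connection to H within `window` before the packet arrived, matching
    the AIX behaviour the FAQ describes; anything else is 'unexplained'.
    """
    outbound_web = [r for r in records
                    if r["Transport"] == "TCP" and r["from_ip"] == local_ip
                    and r["dport"] in WEB_PORTS]
    results = []
    for r in records:
        if r["Transport"] != "ICMP" or r["to_ip"] != local_ip:
            continue
        explained = any(o["to_ip"] == r["from_ip"]
                        and timedelta(0) <= r["when"] - o["when"] <= window
                        for o in outbound_web)
        results.append((r["from_ip"],
                        "likely PMTU probe" if explained else "unexplained"))
    return results


if __name__ == "__main__":
    for src, verdict in classify_icmp(parse_records(SAMPLE_LOG), "10.0.0.5"):
        print(f"{src}: {verdict}")
```

Only the ICMP that arrives seconds after a web connection to the same host is marked as a probe; the later ICMP from an address the machine never talked to stays unexplained and is the one worth reporting with the full log context.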
Q How can I keep my computer up-to-date so that it is protected against hackers?
A As any IT system administrator will tell you, this can be an uphill struggle - but definitely worth the effort, as many hackers are looking for easy targets and will go somewhere else if they find your machine is secure. The method varies from one system to another.
For Microsoft Windows, the dominant desktop operating system at the moment:
- Install the latest Service Pack for your operating system.
- Visit the windowsupdate web site, click the Product Updates link, and install any updates that are recommended.
- Download and run the Microsoft Baseline Security Analyzer to check you haven't missed anything.
This tool runs only on Windows 2000 and XP, though it is capable of analysing other systems remotely.
- Install the critical update notification utility so that you are alerted to new updates in future.
This tool runs only on Windows NT, 2000 and XP.
Linux users are at the mercy of their distribution. The largest player, Red Hat, bundles in an updating mechanism analogous to Microsoft's windowsupdate. Arguably easier to use, Red Hat 'up2date' supports both graphical and command-line operation, the latter lending itself to larger-scale automatic deployments. It's free, too - don't be misled by the minimal registration requirements.
Regardless of what platform you choose, be it Windows, Macintosh or some flavour of UNIX, it's important not to get too far out of touch with the current version. Most vendors cease to support their software after a few years - at which point any problems discovered are no longer fixed.
Anti-virus software that is capable of fetching updates automatically is also a basic requirement nowadays. F-Secure is recommended for this purpose.
Q I've received a complaint that I've been sending out e-mail infected with a virus. I don't think I have been. What should I do?
A There are a couple of possible explanations for this:
1. Your computer may have been infected with a virus / worm that has mass e-mailing capabilities. Such viruses commonly operate invisibly, quietly sending out e-mail to everyone you have ever corresponded with. They routinely send out infected documents as well, in order to propagate (and sometimes this activity causes another, possibly more serious problem: it might be extremely embarrassing if sensitive documents from your hard disk are forwarded to random recipients).
Several viruses operate in this way. Up-to-date anti-virus software should be able to detect and prevent infection. See http://www.ucl.ac.uk/fsecure if you need to obtain such software.
Note: If your computer is infected with a mass mailing virus, you should not expect to see copies of the outgoing messages in your Outbox. Most viruses are self-sufficient and do not need to make use of your e-mail program to propagate.
2. Another computer may be involved, which has been infected by a virus and is sending out copies of itself to random recipients. The virus on that computer is forging the sender's address using a name taken from the system owner's address book, to make it harder to determine the real origin of the problem. Bad luck if your name is the one chosen!
Careful examination of the full e-mail header can usually confirm whether this is what is happening. Interpretation requires a bit of experience, so it's normally best to forward examples to the UCL computer security team (cert(at)ucl.ac.uk) for analysis.
When these infected messages are not delivered, or are intercepted by virus screening programs, the message is returned to you rather than to the machine that really sent the offending e-mail, because it's your name that's on the original message.
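The header examination described in explanation 2 comes down to reading the Received: chain from the bottom up: the bottom-most Received: header is the first hop, and if no hop in the chain was added by a mail server in the domain shown in From:, the sender address was forged by whichever machine really sent the message. The following is an added example of that check, not a UCL tool: it parses a raw message with Python's standard email library, lists the hops in delivery order, and reports the originating IP and the verdict. Both messages, every host name and every address in it are constructed for illustration; the domain suffix test is an assumption that suits a simple case.

```python
"""Trace where a message whose From: looks like yours actually entered the mail system.

Added example: reads the Received: chain of a raw message (bottom-most header =
first hop), reports the originating IP, and checks whether any hop was handled
by a server in the From: domain. All messages and addresses are constructed.
"""
import re
from email import policy
from email.parser import BytesParser

# Constructed: From: claims alice@example.ac.uk, but the chain shows the message
# was injected from a dial-up host and relayed by an unrelated ISP.
FORGED_MESSAGE = b"""\
Received: from relay.isp.example (relay.isp.example [203.0.113.5])
\tby mx.recipient.example with ESMTP id ABC123
\tfor <bob@recipient.example>; Mon, 1 Jan 2001 13:11:11 +0000
Received: from alice-pc (dialup-198-51-100-7.isp.example [198.51.100.7])
\tby relay.isp.example with SMTP id XYZ789;
\tMon, 1 Jan 2001 13:10:02 +0000
From: alice@example.ac.uk
To: bob@recipient.example
Subject: document
Message-ID: <constructed-1@isp.example>

see attached
"""

# Constructed: the same sender, this time genuinely submitted via her own mail hub.
GENUINE_MESSAGE = b"""\
Received: from mailhub.example.ac.uk (mailhub.example.ac.uk [192.0.2.10])
\tby mx.recipient.example with ESMTP id DEF456; Mon, 1 Jan 2001 09:00:10 +0000
Received: from alice-pc.example.ac.uk (alice-pc.example.ac.uk [192.0.2.55])
\tby mailhub.example.ac.uk with SMTP id GHI012; Mon, 1 Jan 2001 09:00:01 +0000
From: alice@example.ac.uk
To: bob@recipient.example
Subject: minutes
Message-ID: <constructed-2@example.ac.uk>

minutes attached
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # "[a.b.c.d]" as written by the receiving MTA
BY_RE = re.compile(r"\bby\s+(\S+)")                      # the host that added this Received: line


def parse_message(raw):
    return BytesParser(policy=policy.default).parsebytes(raw)


def received_hops(msg):
    """Return the Received: hops in delivery order, origin first."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(str(value).split())       # unfold continuation lines
        ip = IP_RE.search(text)
        by = BY_RE.search(text)
        hops.append({"ip": ip.group(1) if ip else None,
                     "by": by.group(1).rstrip(";") if by else None,
                     "raw": text})
    return hops


def assess_origin(raw, own_domain):
    """Decide whether a message claiming From: <own_domain> passed through
    a server in that domain (assumed test: a 'by' host ending in own_domain)."""
    msg = parse_message(raw)
    hops = received_hops(msg)
    if not hops:
        return {"origin_ip": None, "first_relay": None,
                "verdict": "no Received headers"}
    from_domain = msg["From"].addresses[0].domain
    touched_own = any(h["by"] and h["by"].lower().endswith(own_domain.lower())
                      for h in hops)
    return {"from_domain": from_domain,
            "origin_ip": hops[0]["ip"],
            "first_relay": hops[0]["by"],
            "verdict": "plausibly genuine" if touched_own
                       else "sender address likely forged"}


if __name__ == "__main__":
    for raw in (FORGED_MESSAGE, GENUINE_MESSAGE):
        print(assess_origin(raw, "example.ac.uk"))
```

One caveat that matters when reading real headers: only the Received: lines added by servers you trust (your own hubs and those above them) are reliable, since the sending machine can prepend fabricated Received: lines beneath them. The lowest trustworthy hop, not necessarily the very bottom line, is therefore the best evidence of origin, which is why the answer recommends forwarding examples to the security team rather than drawing firm conclusions alone.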
This page last modified 5 February, 2009 by Daniela Nicastro