Re: I found this today and iam reporting it to you first!!! (fwd)

From: Daniel Dulitz (dulitzat_private)
Date: Sat Sep 04 1999 - 08:25:41 PDT

Next message: Fyodor: "Re: CERT Summary CS-99-03"

Previous message: John N Dvorak: "Re: Local DoS on network by unpriviledged user using setsockopt()"
Next in thread: Daniel W. Dulitz x108: "Re: I found this today and iam reporting it to you first!!! (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Technical Incursion Countermeasures writes:
> basically find two sites whose FW is conf'd to accept all mail and forward
> it to the real mailserver. If this mailserver bounces invalid addresses
> then you're on your way...
>
> spoof a mail from an invalid address on one end to an invalid address on
> the other. and sit back..

Sit back and watch absolutely nothing happen, unless both mailers are
misconfigured.  Even the venerable RFC821
(http://www.faqs.org/rfcs/std/std10.html) notes that:

	Of course, server-SMTPs should not send notification
	messages about problems with notification messages.

> the first site will accept the mail (this is the fault - it should reject
> if it is to comply with the IETF standard)

This cannot be the fault -- otherwise any pair of SMTP servers who
happen to send mail to each other by way of a relay (an ordinary MX
relay) would be vulnerable to such a spoofing attack.

Best,
daniel dulitz

Next message: Fyodor: "Re: CERT Summary CS-99-03"
Previous message: John N Dvorak: "Re: Local DoS on network by unpriviledged user using setsockopt()"
Next in thread: Daniel W. Dulitz x108: "Re: I found this today and iam reporting it to you first!!! (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:01:49 PDT