RE: Speaking of security...

From: Eric Harrison (eharrison@private)
Date: Tue Nov 06 2001 - 18:17:04 PST

  • Next message: Heidi: "DoS"

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    On Tue, 6 Nov 2001, McCall, Bill wrote:
    
    >Did you tell them or keep the joke to yourself?
    >
    >bill mccall
    
    I checked a couple of the more popular open-relay databases, it is not
    exactly a secret. On three of the different databases I found black-holed
    IP addresses that resolve to:
    
    	relay.faa.gov
    	atos.faa.gov
    	rms.faa.gov
    
    The only one of these servers that I can verify as currently operational
    is relay.faa.gov. Atos does not respond and rms refuses connections to port
    25. Hopefully they've cleaned up their act.
    
    - -Eric
    
    >-----Original Message-----
    >From: Alan [mailto:alan@private]
    >Sent: Tuesday, November 06, 2001 2:30 PM
    >To: crime@private
    >Subject: Speaking of security...
    >
    >
    >I find this both extreamly funny and frightening at the same time. 
    >
    >faa.gov is an open mail relay.
    >
    >This means that anyone can forge mail that looks like it comes from the FAA.
    >
    >Want to ban laptops on flights? Screaming babies? Silly string?  Now is your
    >
    >chance.
    >
    >It also begs the question of whether the rest of the silly rules involving 
    >nail clippers and the like are the result of forged e-mail.  (Nah! Too 
    >rational.)
    >
    >You would think that the people who are charged with securing planes would
    >do 
    >a better job securing their servers...
    >
    >It does explain a lot though.
    > 
    >****************************************************************************
    >This message is intended for the sole use of the individual and entity to
    >whom it is addressed, and may contain information that is privileged,
    >confidential and exempt from disclosure under applicable law.  If you are
    >not the intended addressee, nor authorized to receive for the intended
    >addressee, you are hereby notified that you may not use, copy, disclose or
    >distribute to anyone the message or any information contained in the
    >message.  If you have received this message in error, please immediately
    >advise the sender by reply email and delete the message.  Thank you very
    >much.                                                                       
    >
    
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org
    
    iD8DBQE76JmpH9eQw/Gi3tURAkkGAJ9Tui1hjxYgKOnnUhww3LZ32iPowgCaAn4y
    9C94x4QzaM2v6U2dSpk6aIo=
    =Wx24
    -----END PGP SIGNATURE-----
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:30:15 PDT