Re: Sender Spoofing via SMTP

From: S.A.B.R.O. Net Security (sabronet_at_indy.rr.com)
Date: 11/08/05

  • Next message: Matt Stovall: "RE: Sender Spoofing via SMTP" 
    Date: Tue, 08 Nov 2005 07:48:51 -0500
To: security-basics@securityfocus.com

    Even if you was able to disable all the telnet clients in question, your
    boxes
    could still be molested in the same fashion using a simple HTTP
    (CONNECT/POST/GET)
    tunnel request. 

    -- 
Sincerely,
William E. Hoover
S.A.B.R.O. Net Security Admin
www.sabronet.com
sabronet@indy.rr.com
admin@sabronet.com
David Gillett wrote:
>  Because you can't reach out and disable the telnet clients
>on every potential attacker's machine!
>
>  Okay, what you have failed to grasp is that this is an
>example of using a (any!) Telnet client to connect to an
>arbitrary service protocol (in this case, SMTP).  So although
>the client is a human using telnet, the protocol and service
>are SMTP (and NOT telnet).  The presence or absence of a telnet
>service on the host is irrelevant.
>  [Many open protocols are defined such that it is possible to
>use a telnet client in this fashion -- it can be extremely useful
>when trying to troubleshoot a problem, especially if one is
>attempting to *implement* the protocol.  For whatever reason,
>most proprietary/closed protocols are not defined this way.]
>
>David Gillett
>
>
>  
>
>>-----Original Message-----
>>From: Pranav Lal [mailto:pranav.lal@gmail.com] 
>>Sent: Saturday, November 05, 2005 8:44 AM
>>To: security-basics@securityfocus.com
>>Subject: Re: Sender Spoofing via SMTP
>>
>>Brandon,
>>
>>Why not disable telnet?
>>
>>Pranav
>>
>>    
>>
>
>
>
>  
>
  • Next message: Matt Stovall: "RE: Sender Spoofing via SMTP"