Re: IP number question
david20_at_alpha2.mdx.ac.uk
Date: 01/28/05
Date: Fri, 28 Jan 2005 15:27:31 +0000 (UTC)
In article <ctbm99$amk$1@canopus.cc.umanitoba.ca>, roberson@ibd.nrc-cnrc.gc.ca (Walter Roberson) writes:
>In article <w4cKd.11233$rw.4612@fed1read04>,
>Michael J. Pelletier <mjpelletier@mjpelletier.com> wrote:
>
>:Interesting. I thought that news servers operated like mail servers. True
>:you can forge the envelope from, etc but the mail server will record the IP
>:address that connected to it and record it into the header.
>
>That's a bit of a misconception. MTAs are not -required- to add the
>IP address to headers of email messages, and there are literally tens
>of thousands of them out there which do not. The Received-By: headers that
>are commonly added are a convention, not a requirement, and it isn't
>rare to find systems that do not add the headers or which throw away
>the Received-By: headers they were handed.
>
From RFC 2821 (http://www.faqs.org/rfcs/rfc2821.html)
"
3.8.2 Received lines in Gatewaying
When forwarding a message into or out of the internet environment, a gateway
MUST prepend a Received: line, but it MUST NOT alter in any way a Received:
line that is already in the header.
"
Hence any compliant internet facing MTA MUST add in received lines.
>:I guess what you are saying is that news servers are not as "smart". True?
>:If so, thanks for the explanation. I guess you learn something everyday!
>
>There is nothing that would -prevent- nntp servers from adding trace
>headers such as Received-By:. It just hasn't been done. It wouldn't
>require any change to the protocol at all, just minor changes to
>the handling software.
>
>Conversely, smtp servers haven't proven particularly "smart" about
>weeding out bogus claims about how the mail got to them. The convention
>is better than nothing, when it is followed, but it isn't always followed.
As shown above, it is more than a convention; it is a requirement for compliant
internet facing MTAs. The problem is that a mail forger could have added extra
received lines into the header when it was sent.
David Webb
Security team leader
CCSS
Middlesex University
>--
> Come to think of it, there are already a million monkeys on a million
> typewriters, and Usenet is NOTHING like Shakespeare. -- Blair Houghton.
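
Added example (not part of the original post): the forged-Received problem raised above means a reader can rely only on the lines written by their own MTAs, down to the first hop that accepted the message from outside. The function name, hostnames and addresses below are constructed for illustration.

```python
import re
from email import message_from_string

BY_RE = re.compile(r"\bby\s+([^\s;()]+)", re.I)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")

def split_received(raw, our_hosts, our_ips):
    """Return (trusted, unverified, border_ip) for a message's Received: chain.

    Received: lines are prepended, so the list runs newest to oldest. A line is
    trusted only if one of our MTAs wrote it; once a trusted line records a
    peer outside our_ips, everything below it was supplied by the sender.
    """
    lines = [" ".join(h.split())          # unfold continuation lines
             for h in message_from_string(raw).get_all("Received", [])]
    trusted = []
    for i, line in enumerate(lines):
        by = BY_RE.search(line)
        if not by or by.group(1).lower() not in our_hosts:
            return trusted, lines[i:], None
        trusted.append(line)
        ip = IP_RE.search(line)
        peer = ip.group(1) if ip else None
        if peer not in our_ips:
            # Border hop: this is the only externally sourced address we can
            # vouch for. Lower lines are unverifiable even if they name us.
            return trusted, lines[i + 1:], peer
    return trusted, [], None

# Constructed sample: two genuine hops, then a line the sender inserted that
# claims to have been written by our own border MTA.
SAMPLE = (
    "Received: from mx1.example.org (mx1.example.org [192.0.2.10])\n"
    "\tby store.example.org with ESMTP id A1; Fri, 28 Jan 2005 15:27:40 +0000\n"
    "Received: from mail.sender.test (unknown [198.51.100.7])\n"
    "\tby mx1.example.org with ESMTP id B2; Fri, 28 Jan 2005 15:27:35 +0000\n"
    "Received: from bank.test (bank.test [203.0.113.99])\n"
    "\tby mx1.example.org with ESMTP id C3; Fri, 28 Jan 2005 15:20:00 +0000\n"
    "From: someone@sender.test\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    ok, rest, ip = split_received(
        SAMPLE, {"mx1.example.org", "store.example.org"}, {"192.0.2.10"})
    print("border peer:", ip)
    print("trusted:", len(ok), "unverified:", len(rest))
```
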