|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] spoofing off subject
|
How do you telnet into a hotmail account? I have a friend who wants to
leave Bill Gates behind but does not want to go through the hassle of
chaning her e-mail address.
bs
On Mon, 30 Sep 2002, gabriel rosenkoetter wrote:
> On Mon, Sep 30, 2002 at 02:40:37PM -0400, Jason wrote:
> > Forged spam is a definite problem, and sometimes your email address may be
> > used as the forged sender when sent to others. This is a really big problem
> > if your email server is being used as an "open relay".
>
> Um. Those two things are completely unrelated. I can give whatever
> address I like as an argument to MAIL FROM: when I'm talking to your
> SMTP (or, really my own) server. If you want me to, I'll prove to
> you by sending email from you to you from my MX (uriel.eclipsed.net,
> go ahead and test it for relaying, it doesn't).
>
> Better yet, test this yourself. Set up a hotmail account, then
> telnet to port 25 of (one of) Hotmail's mail exchanger(s). For extra
> points, telnet for a shell account on a system other than where you
> actually receive mail. Issue these commands:
>
> EHLO <your local host>
> MAIL FROM: Jason <jason@nocks.com>
> RCPT TO: <account>@hotmail.com
> DATA
> Subject: whee, faked source address
>
> blah blah
> .
> QUIT
>
> Note that the mail received on Hotmail appears to be from you, even
> though it wasn't sent in the usual fashion (or from the "right"
> place). Now examine the full headers (if Hotmail even lets you do
> that), and notice that the source IP address that originally made the
> connection to Hotmails mail exchanger was, in fact logged and has,
> in fact, nothing to do with nocks.com's mail exchanger. Tracing
> things by email address is silly and useless. Tracing them by
> Recieved: headers works some times, but those are easily spoofed as
> well (they're just text in a message!). You're best off going the
> next hop back and examining log files until you get where you're
> going.
>
> > If you use fetchmail, then if there is a problem, it is most
> > likely your ISP's concern, assuming you have adequate firewall
> > protection around your local email server.
>
> No, it's most likely no one's concern. There is no reason that Art's
> mail server needs to be even remotely involved for email to appear
> to come from him. This is why we use digital encryption algorithms
> for authentication; source addresses are totally meaningless. IP
> addresses still bear a little bit of weight, but email addresses
> bear none at all.
>
> Unless it's digitally signed, there's no way to prove a given person
> sent something that it appears they sent, and it is demonstrably
> simple to prove that faking it was possible. No court would let
> anything fly based on a source email address. (Cf, topical /.
> headline today.)
>
> --
> gabriel rosenkoetter
> gr@eclipsed.net
>
_________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion -- http://lists.netisland.net/mailman/listinfo/plug
|
|