SMTP forgeries
What is the state of the art with SMTP mail forgeries?
It seems that the forwarding SMTP agent can determine the sender's IP
address.
I am wondering if this could be prevented by using IP level spoofing
to put a fake return IP address on the TCP/IP connection to the
receiving mail hub's SMTP port, in that the sender does not really need
the information the SMTP hub sends back.
This would then be a variant of the IP spoof attack. What would be
needed would be a site which blindly accepted the one-sided traffic
from the receiving SMTP hub where it thought it was replying to the
traffic.
e.g. Sender says:
HELO nsa.gov
250 locahost Hello locahost [127.0.0.1], pleased to meet you
The sendmail seems to be trying to be clever doing a reverse name
lookup, and ignoring what you tell it on the HELO line.
The 250 reply is not required by the sender.
MAIL FROM: [email protected]
250 [email protected]... Sender ok
RCPT TO: [email protected]
250 [email protected]... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
asdfasdfasdf
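
As an added example (not part of the original post, and not sendmail's code): a small Python check that reads a session like the one quoted above and reports when the HELO name disagrees with the name and address in the server's 250 greeting. The transcript, host names and addresses are constructed; only the greeting format is taken from the reply line shown in the post.

```python
import re

# Greeting format as quoted in the post:
#   250 <server> Hello <peer-name> [<peer-ip>], pleased to meet you
GREETING = re.compile(r"^250[ -](\S+) Hello (\S+) \[([0-9a-fA-F.:]+)\]")


def audit_session(lines):
    """Return findings for one SMTP transcript (client and server lines mixed)."""
    claimed = resolved = peer_ip = sender_domain = None
    for line in lines:
        line = line.strip()
        upper = line.upper()
        if upper.startswith(("HELO ", "EHLO ")):
            # Name the client asserts about itself; nothing verifies it.
            claimed = line.split(None, 1)[1].strip().lower().rstrip(".")
        elif (m := GREETING.match(line)):
            # Name and address the server derived from the TCP peer.
            resolved, peer_ip = m.group(2).lower().rstrip("."), m.group(3)
        elif upper.startswith("MAIL FROM:"):
            addr = line[len("MAIL FROM:"):].strip().strip("<>")
            sender_domain = addr.rpartition("@")[2].lower() if "@" in addr else None

    findings = []
    if claimed and resolved and claimed != resolved:
        findings.append(
            f"HELO claims {claimed} but peer {peer_ip} resolves to {resolved}")
    # Low-confidence signal: relays legitimately carry mail for other domains.
    if sender_domain and resolved and not (
            resolved == sender_domain or resolved.endswith("." + sender_domain)):
        findings.append(
            f"envelope sender domain {sender_domain} does not match peer host {resolved}")
    return findings


# Constructed transcript: the client's HELO name differs from what the server resolved.
SAMPLE = [
    "HELO mail.example.org",
    "250 hub.example.net Hello localhost [127.0.0.1], pleased to meet you",
    "MAIL FROM: <alice@example.org>",
    "250 <alice@example.org>... Sender ok",
]

if __name__ == "__main__":
    for finding in audit_session(SAMPLE):
        print(finding)
```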