Security Basics mailing list archives
RE: ESTMP Exploits & Security
From: "JTH" <jth () visi com>
Date: Wed, 17 Mar 2004 12:41:12 -0600
-----Original Message----- From: Dante Mercurio [mailto:Dante () webcti com] Sent: Wednesday, March 17, 2004 12:35 PM To: JTH; security-basics () securityfocus com Subject: RE: ESTMP Exploits & Security I seem to remember a firewall or gateway product that distinguished telnet attempts to an SMTP service by the fact that a manual telnet session sends each character in a separate packet, and a true mail connection does not. I don't remember much detail, but may be a good place to start.
I've seen one or two of these; the problem with this is I can go into a GUI mail client and pop in my client's SMTP server as my SMTP server, never even needing to open a command line. So while a product like this would mitigate one form of email spoofing, it's easily worked around. --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- ESTMP Exploits & Security Jeff McLaughlin (Mar 09)
- <Possible follow-ups>
- RE: ESTMP Exploits & Security Jeff McLaughlin (Mar 11)
- RE: ESTMP Exploits & Security JTH (Mar 17)
- RE: ESTMP Exploits & Security Dante Mercurio (Mar 17)
- RE: ESTMP Exploits & Security JTH (Mar 17)