Security Basics mailing list archives
RE: Sender Spoofing via SMTP
From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 7 Nov 2005 08:51:35 -0800
Because you can't reach out and disable the telnet clients on every potential attacker's machine! Okay, what you have failed to grasp is that this is an example of using a (any!) Telnet client to connect to an arbitrary service protocol (in this case, SMTP). So although the client is a human using telnet, the protocol and service are SMTP (and NOT telnet). The presence or absence of a telnet service on the host is irrelevant. [Many open protocols are defined such that it is possible to use a telnet client in this fashion -- it can be extremely useful when trying to troubleshoot a problem, especially if one is attempting to *implement* the protocol. For whatever reason, most proprietary/closed protocols are not defined this way.] David Gillett
-----Original Message----- From: Pranav Lal [mailto:pranav.lal () gmail com] Sent: Saturday, November 05, 2005 8:44 AM To: security-basics () securityfocus com Subject: Re: Sender Spoofing via SMTP Brandon, Why not disable telnet? Pranav
Current thread:
- Re: Sender Spoofing via SMTP, (continued)
- Re: Sender Spoofing via SMTP Tomasz Nidecki (Nov 07)
- Re: Sender Spoofing via SMTP jlopez2k5 (Nov 04)
- Re: Sender Spoofing via SMTP jalbuquerque (Nov 04)
- RE: Sender Spoofing via SMTP Tim Ballingall (Nov 04)
- RE: Sender Spoofing via SMTP Craig Wright (Nov 04)
- Re: Sender Spoofing via SMTP brandon . steili (Nov 04)
- Re: Sender Spoofing via SMTP Pranav Lal (Nov 07)
- Re: Sender Spoofing via SMTP Ansgar -59cobalt- Wiechers (Nov 07)
- Re: Sender Spoofing via SMTP Pranav Lal (Nov 09)
- Re: Sender Spoofing via SMTP Chris Moody (Nov 10)
- Re: Sender Spoofing via SMTP Pranav Lal (Nov 07)
- RE: Sender Spoofing via SMTP David Gillett (Nov 07)
- Re: Sender Spoofing via SMTP S.A.B.R.O. Net Security (Nov 08)
- Re: Sender Spoofing via SMTP Tomasz Nidecki (Nov 08)
- Re: Re: Sender Spoofing via SMTP Bryan S. Sampsel (Nov 08)