Bugtraq mailing list archives
Re: I found this today and iam reporting it to you first!!! (fwd)
From: wietse () PORCUPINE ORG (Wietse Venema)
Date: Sat, 4 Sep 1999 14:21:53 -0400
Scenario: mail from Scenario: mail from non-existent@domain1 to Scenario: mail from non-existent@domain1 to non-existent@domain2, through SMTP servers that accept mail for non-existent addresses. The poster suggests that the resulting bounce message will loop. However, the poster fails to reveal the reasoning behind this. Whatever reasoning the poster used, it is invalid with any reasonable mail system, because it is the mail system that chooses the bounce message originator address; the bounce message originator address is not under control by the attacker. In other words, the suggested loop does not exist. Wietse Technical Incursion Countermeasures:
You can do a variation on this one (well sort opf - is a logstanding prob) basically find two sites whose FW is conf'd to accept all mail and forward it to the real mailserver. If this mailserver bounces invalid addresses then you're on your way... spoof a mail from an invalid address on one end to an invalid address on the other. and sit back.. the first site will accept the mail (this is the fault - it should reject if it is to comply with the IETF standard) and pass it inward, the mailserver then sends an error message to the "sender" and the same process occurs at the other end... Rate of messages depends on bandwidth - but you can expect at least 1/sec... Of course you can multiply it if you send it to a list of recipients.. :} cheers, Bret Technical Incursion Countermeasures consulting () TICM COM http://www.ticm.com/ voice mail/fax: (+65)459 6373(UTC+8 hrs) The Insider - a e'zine on Computer security Call for papers Vol 3 Issue 2 http://www.ticm.com/info/insider/index.html
Current thread:
- I found this today and iam reporting it to you first!!! (fwd) Alfred Huger (Aug 30)
- <Possible follow-ups>
- Re: I found this today and iam reporting it to you first!!! (fwd) blue0ne (Sep 02)
- Re: I found this today and iam reporting it to you first!!! (fwd) Technical Incursion Countermeasures (Sep 02)
- [SECURITY] TenFour TFS SMTP 3.2 Buffer Overflow Christophe Lesur (Sep 02)
- SCO 5.0.5 /bin/doctor local root comprimise Brock Tellier (Sep 03)
- Re: SCO 5.0.5 /bin/doctor local root comprimise Seth R Arnold (Sep 08)
- Re: I found this today and iam reporting it to you first!!! (fwd) Peter van Dijk (Sep 04)
- Re: I found this today and iam reporting it to you first!!! (fwd) Daniel Dulitz (Sep 04)
- Re: I found this today and iam reporting it to you first!!! (fwd) Bret Watson (Sep 07)
- Re: I found this today and iam reporting it to you first!!! (fwd) Daniel W. Dulitz x108 (Sep 06)
- Re: I found this today and iam reporting it to you first!!! (fwd) Wietse Venema (Sep 04)
- Re: I found this today and iam reporting it to you first!!! (fwd) Alan Brown (Sep 07)
- Re: I found this today and iam reporting it to you first!!! (fwd) Jamie A. Lawrence (Sep 04)
- Re: I found this today and iam reporting it to you first!!! (fwd) Bret Watson (Sep 07)
- Re: I found this today and iam reporting it to you first!!! (fwd) Bill Royds (Sep 07)