Full Disclosure mailing list archives
RE: Is the FBI using email Web bugs?
From: "Ian Latter" <Ian.Latter () mq edu au>
Date: Thu, 08 Jan 2004 12:40:49 +1000
Your average proxy server won't allow connectivity to those low ports; mostly due to a spatter of mischeif in the early-mid 90's -- including using the service to send spam mail, and cute attacks in the order of links like http://server.anywhere.org:19/ ----- Original Message -----
From: "Poof" <gui () goddessmoon org> To: "'Gregh'" <chows () ozemail com au> Subject: RE: [Full-disclosure] Is the FBI using email Web bugs? Date: Wed, 07 Jan 2004 21:22:54 -0500 Actually- the problem with that is that fine... it won't allow any ports except for the needed 25/110/143... Then what's to stop an image from using http://www.spamsite.com:25/110/phonehome.jpg?emailaddress(or whatever) .... Nothing! Nice try though... Best protection is through your email client. O2K3 does it native ^^ ~-----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure- admin () lists netsys com] On Behalf Of Ben Nelson Sent: Wednesday, January 07, 2004 7:34 PM To: Gregh Cc: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Is the FBI using email Web bugs? Gregh wrote:wont listen. In Zone Alarm you can tell it to DISALLOW Outlook Express(orwhatever you like) access to different ports. So, I tell it to disallow access to or from port 80 by OE. Thus, a received HTML email with picsandsuch in it just shows blanks, "x" or placeholders, really. Now, whilesayingthis, if you decided to use some other port to report back on, sure, you would get around this but the majority of spam operators who spam youdon'trequire JUST the "click to remove" to be clicked to verify you DO existthussend more spam and sell the address to another spammer. They also haveport80 and if the email is clicked on by a typical OE setup, just to delete,it"phones home". For those described earlier in this paragraph, ZAblocking OEin/out on port 80 stops most of the phone home stuff.Couldn't you just block all port access from OE *EXCEPT* those that are needed? (probably 25, 110, 143) --Ben _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
-- Ian Latter Internet and Networking Security Officer Macquarie University _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: auditing / logging while performing pen test, (continued)
- Re: auditing / logging while performing pen test Nico Golde (Jan 12)
- Re: auditing / logging while performing pen test Wojciech Pawlikowski (Jan 12)
- RE: auditing / logging while performing pen test Aleksander P. Czarnowski (Jan 12)
- Re: Is the FBI using email Web bugs? Stephen Clowater (Jan 07)
- Re: Is the FBI using email Web bugs? Les Ault (Jan 07)
- RE: Is the FBI using email Web bugs? tlarholm (Jan 07)
- RE: Is the FBI using email Web bugs? Todd Burroughs (Jan 08)
- RE: Is the FBI using email Web bugs? Gary E. Miller (Jan 08)
- RE: Is the FBI using email Web bugs? madsaxon (Jan 08)
- RE: Is the FBI using email Web bugs? Todd Burroughs (Jan 08)
- RE: Is the FBI using email Web bugs? Todd Burroughs (Jan 08)
- RE: Is the FBI using email Web bugs? Ian Latter (Jan 07)
- Re: Is the FBI using email Web bugs? Gregh (Jan 08)
- Re: Is the FBI using email Web bugs? Daniel B (Jan 08)
- Re: Is the FBI using email Web bugs? Gregh (Jan 08)
- Re: Is the FBI using email Web bugs? Daniel B (Jan 08)
- RE: Is the FBI using email Web bugs? Altheide, Cory B. (Jan 08)