Full Disclosure mailing list archives
Re: Windows XP denial of service 0day found in CTF exercise
From: Valdis.Kletnieks () vt edu
Date: Tue, 17 Apr 2012 19:10:36 -0400
On Tue, 17 Apr 2012 17:48:47 -0400, "Elazar Broad" said:
> At least configure your SPF record policy to hard fail, and consider Domain Keys and/or DMARC.
Given where his MX's point, and the fact that the SPF includes a :include that points at another domain, simply setting it to "hard fail" without breaking his e-mail may or may not be easy to do. Similarly, if he sets it to hard fail, he probably can't turn on DKIM without the cooperation of the domain listed in the :include.

(A *lot* of sites that do SPF only code 'soft fail' so that other tools like spamassassin can add a few points if the mail comes from an "unexpected" place, but don't want to have hard-fail because that can break users. For instance, we don't publish a hard-fail because that results in a support headache if one of our professors goes to a conference and sends e-mail from his hotel room - and the hotel network hijacks the connection. *loads* of fun to sort that out when the professor calls our help desk from Seattle or Tokyo. And of course, he's a chemical engineering professor, so has zero network debugging tools on the laptop...)
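The soft-fail versus hard-fail trade-off discussed above, worked through as an added example that is not part of the original thread: a deliberately simplified SPF evaluator run against constructed DNS data for a hypothetical example.edu whose record, like the one in the thread, defers to another organisation via include:. All domains, addresses and records here are made up.

```python
import ipaddress

# Constructed DNS data for a hypothetical example.edu whose SPF record
# defers to another organisation via include:, as in the thread.
DNS_TXT = {
    "example.edu": "v=spf1 mx include:mailhost.example.net ~all",
    "mailhost.example.net": "v=spf1 ip4:198.51.100.0/24 -all",
}
MX_ADDRS = {"example.edu": ["203.0.113.10", "203.0.113.11"]}  # constructed
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, zone=DNS_TXT, depth=0):
    """Simplified SPF check (ip4, mx, include, all). Teaching sketch only:
    no macros, a:, exists: or PTR, and no real DNS; not RFC 7208 complete."""
    if depth > 10:                      # RFC 7208 caps lookups; avoid loops
        return "permerror"
    record = zone.get(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qual]
        if name == "ip4" and ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qual]
        if name == "mx" and sender_ip in MX_ADDRS.get(arg or domain, []):
            return QUALIFIERS[qual]
        # include: matches only on the other domain's "pass"; its own
        # -all/~all never propagates, so our trailing "all" term decides.
        if name == "include" and check_spf(arg, sender_ip, zone, depth + 1) == "pass":
            return QUALIFIERS[qual]
    return "neutral"


def compare_policies(sender_ip):
    """Verdict under the current ~all record and under a -all variant."""
    hard = dict(DNS_TXT)
    hard["example.edu"] = DNS_TXT["example.edu"].replace("~all", "-all")
    return check_spf("example.edu", sender_ip), check_spf("example.edu", sender_ip, hard)


if __name__ == "__main__":
    # 203.0.113.10 = own MX, 198.51.100.7 = included partner, 192.0.2.55 = hotel
    for ip in ("203.0.113.10", "198.51.100.7", "192.0.2.55"):
        print(ip, compare_policies(ip))
```

The hotel address is the professor-on-the-road case: under ~all a receiver gets "softfail" and can merely add spam points, under -all the same message is rejected outright.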
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/