Security Incidents mailing list archives
Re: blind forwards
From: j.hall () F5 COM (John Hall)
Date: Thu, 29 Jun 2000 13:51:41 -0700
Yes, it would be possible to intercept email the way you mention. If it was done ineptly, then there might be indications in the RFC822 header such as extra "Received:" lines. Anyone who wanted a copy of your email who has access to any machine on the same physical network as your mail server or any of your upstream servers could easily get copies using one of several sniffer packages without leaving any sign at all. Even if they put an intercept server in the path the mail takes to get to you, they could make it transparent without any significant effort. If your mail is being intercepted, then most likely you will never know.

The legality of email interception is still a grey area. Some cases are covered under the ECPA (Electronic Communications Privacy Act, 1996), but there are still few precedents. The case of using a sniffer to intercept packets containing email is almost certainly covered though and illegal, although you would probably have to have a pretty egregious offense to get a federal prosecutor's attention.

JMH

Keith McCammon wrote:
...
I'm curious to find out how one could go about analyzing an e-mail to find out if it is being intercepted upstream before it reaches the intended recipient. For example, with some e-mail servers, a file can be placed in the user's mailbox on the server that will "blind" forward any incoming mail to a given address.

SMTP Server --> Recipient's Mail Server --> USER-X (blind) and INTENDED-USER (as usual)
...
Keith
--
John Hall <j.hall () f5 com>
F5 Networks, Inc.
Senior Test Engineer 206-505-0800

It shall be unlawful for any suspicious person to be within the municipality.
-- Local ordinance, Euclid Ohio
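
An added example, not part of the original message: a Python check for the one sign the reply says an inept intercept might leave, extra "Received:" lines in the RFC822 header. The sample message, its hostnames and the EXPECTED relay set are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample (not from the thread); all hostnames are made up.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby mail.example.org with ESMTP id A3; Thu, 29 Jun 2000 13:52:10 -0700
Received: from copy.example.com (copy.example.com [198.51.100.7])
\tby relay.example.net with ESMTP id A2; Thu, 29 Jun 2000 13:52:05 -0700
Received: from out.sender.example (out.sender.example [203.0.113.5])
\tby copy.example.com with ESMTP id A1; Thu, 29 Jun 2000 13:51:58 -0700
From: alice@sender.example
To: bob@example.org
Subject: test

body
"""
# Assumption: the relays you expect between this sender and your mailbox.
EXPECTED = {"out.sender.example", "relay.example.net", "mail.example.org"}
HOP = re.compile(r"\bfrom\s+([^\s;]+).*?\bby\s+([^\s;]+)", re.S | re.I)

def received_path(raw):
    """Return [(from_host, by_host), ...], oldest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        hops.append((m.group(1).lower(), m.group(2).lower()) if m else (None, None))
    return hops[::-1]  # each relay prepends its line, so reverse to get travel order

def audit(raw, expected=EXPECTED):
    """List anomalies: unparseable hops, unexpected hosts, breaks in the chain."""
    findings, seen, prev_by = [], set(), None
    for i, (frm, by) in enumerate(received_path(raw)):
        if frm is None:
            findings.append(f"hop {i}: unparseable Received line")
            prev_by = None
            continue
        for host in (frm, by):
            if host not in expected and host not in seen:
                seen.add(host)
                findings.append(f"hop {i}: unexpected host {host}")
        # Assumes each relay announces the same name it stamped as "by".
        if prev_by is not None and prev_by != frm:
            findings.append(f"hop {i}: chain break, previous hop was received by {prev_by}")
        prev_by = by
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no anomalies in Received chain")
```

A clean result only rules out the inept case: as the reply notes, a sniffer or a transparent intercept server leaves nothing in the headers to find.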