Security Basics mailing list archives
Re: Re: Sender Spoofing via SMTP
From: Barrie Dempster <barrie () reboot-robot net>
Date: Tue, 08 Nov 2005 08:08:59 +0000
On Mon, 2005-11-07 at 14:59 +0000, brandon.steili () gmail com wrote:
> Unfortunately this has already been done. Windows Server 2003 in its default configuration ships with the Telnet Service disabled. Unless I'm missing something (like another service? - or executable) it is shut off despite the fact that it still works.
>
> telnet mail.example.com 25

This has absolutely nothing to do with the Telnet service! The telnet *client* is being used to access the *SMTP Service*; that's why we have a port 25 there. The telnet service runs on port 23 by default. You could shut down Telnet, uninstall it, firewall the port, but it doesn't affect SMTP. If the SMTP port is open then any client can connect.

There is a common misunderstanding, which you seem to have, that the Telnet client and Telnet service have some sort of magical binding (pun intended). Telnet is not much more than a program for opening a connection to a port; the protocol used after that is irrelevant. Since many protocols such as FTP/HTTP/SMTP/POP3 etc. can be typed by hand, you can use any of these from the Telnet client.

The best way to demonstrate this is to install netcat and run that against port 25. There is not even a netcat service on your system, so how does this work? Again, a general purpose client directed at an open port. You could get your FTP client to connect to port 25 if you wanted to; the only problem is it probably can't speak SMTP. This is why with Telnet you, the *user*, speak the SMTP, not the client. Typing EHLO, RCPT etc. is you talking to the SMTP server using the SMTP protocol.

The spoofing can be done with any mail client; just configure the addresses in Outlook Express and it'll work. It's just common to use Telnet to diagnose/demonstrate issues as it shows you all of the protocol without having to set up a sniffer. It's a simple tool for a simple job.

Some servers close connections if the protocol isn't followed fast enough. This isn't usually an attempt to prevent clients other than mail clients connecting; it's actually more useful as a performance enhancing technique, i.e. hung clients are quickly dropped.

It's also worth noting that spammers don't often use Telnet, Outlook Express or any other general purpose mail client. They use a spamming script/program of some kind, usually.

--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog: http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca: https://www.cacert.org/index.php?id=3
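
The point of the message above, as an added example that is not part of the original post: a general-purpose TCP client reaches whatever listens on a port, so an exposure check has to probe the SMTP port itself instead of inferring anything from the state of the Telnet service. The loopback toy listener, the `.invalid` hostnames and every function name here are constructed for the example.

```python
import socket
import threading

def start_toy_smtp():
    """Constructed stand-in for an SMTP service, loopback only. Returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))            # port 0: the OS picks a free port
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                with conn, conn.makefile("rb") as lines:
                    conn.sendall(b"220 toy.invalid ESMTP constructed\r\n")
                    for line in lines:     # answer each typed command line
                        if line.strip().upper() == b"QUIT":
                            conn.sendall(b"221 bye\r\n")
                            break
                        conn.sendall(b"250 ok\r\n")
            except OSError:
                return
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def unused_port():
    """A loopback port with no listener, standing in for the disabled Telnet service."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def probe(host, port, timeout=2.0):
    """Plain TCP client that speaks SMTP by hand, as a person would in Telnet."""
    result = {"open": False, "banner": "", "speaks_smtp": False}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            result["open"] = True
            lines = s.makefile("rb")
            result["banner"] = lines.readline().decode("ascii", "replace").strip()
            s.sendall(b"EHLO audit.invalid\r\n")
            ehlo = lines.readline()        # first line of the EHLO reply
            s.sendall(b"QUIT\r\n")
            lines.readline()               # wait for the reply before closing
            result["speaks_smtp"] = (result["banner"].startswith("220")
                                     and ehlo.startswith(b"250"))
    except OSError:                        # refused, timed out or reset
        pass
    return result

if __name__ == "__main__":
    print("no listener:", probe("127.0.0.1", unused_port()))
    print("SMTP port:  ", probe("127.0.0.1", start_toy_smtp()))
```

Pointing `probe` at a mail server you administer on port 25 shows whether SMTP is reachable from where you run it, regardless of whether any Telnet service is installed.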