Re: Sender Spoofing via SMTP

["S.A.B.R.O. Net Security" <sabronet () indy rr com>]

Even if you was able to disable all the telnet clients in question, your 
boxes
could still be molested in the same fashion using a simple HTTP 
(CONNECT/POST/GET)
tunnel request.


--
Sincerely,


William E. Hoover
S.A.B.R.O. Net Security Admin
www.sabronet.com
sabronet () indy rr com
admin () sabronet com





David Gillett wrote:

>  Because you can't reach out and disable the telnet clients
> on every potential attacker's machine!
>
>  Okay, what you have failed to grasp is that this is an
> example of using a (any!) Telnet client to connect to an
> arbitrary service protocol (in this case, SMTP).  So although
> the client is a human using telnet, the protocol and service
> are SMTP (and NOT telnet).  The presence or absence of a telnet
> service on the host is irrelevant.
>  [Many open protocols are defined such that it is possible to
> use a telnet client in this fashion -- it can be extremely useful
> when trying to troubleshoot a problem, especially if one is
> attempting to *implement* the protocol.  For whatever reason,
> most proprietary/closed protocols are not defined this way.]
>
> David Gillett
>
>
>  
>
> > -----Original Message-----
> > From: Pranav Lal [mailto:pranav.lal () gmail com] 
> > Sent: Saturday, November 05, 2005 8:44 AM
> > To: security-basics () securityfocus com
> > Subject: Re: Sender Spoofing via SMTP
> >
> > Brandon,
> >
> > Why not disable telnet?
> >
> > Pranav
> >
> >    
>
>
>
>