Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: I found this today and iam reporting it to you first!!! (fwd)

From: dulitz () VALLEYTECH COM (Daniel Dulitz)
Date: Sat, 4 Sep 1999 11:25:41 -0400

Technical Incursion Countermeasures writes:

basically find two sites whose FW is conf'd to accept all mail and forward
it to the real mailserver. If this mailserver bounces invalid addresses
then you're on your way...

spoof a mail from an invalid address on one end to an invalid address on
the other. and sit back..


Sit back and watch absolutely nothing happen, unless both mailers are
misconfigured.  Even the venerable RFC821
(http://www.faqs.org/rfcs/std/std10.html) notes that:

        Of course, server-SMTPs should not send notification
        messages about problems with notification messages.


the first site will accept the mail (this is the fault - it should reject
if it is to comply with the IETF standard)


This cannot be the fault -- otherwise any pair of SMTP servers who
happen to send mail to each other by way of a relay (an ordinary MX
relay) would be vulnerable to such a spoofing attack.

Best,
daniel dulitz
Previous By Date Next
Previous By Thread Next

Current thread: