nanog mailing list archives
Re: Transparent hijacking of SMTP submission...
From: joel jaeggli <joelja () bogus com>
Date: Sat, 29 Nov 2014 19:27:06 -0800
On 11/29/14 6:32 PM, Christopher Morrow wrote:
On Sat, Nov 29, 2014 at 3:09 PM, John Levine <johnl () iecc com> wrote:In article <CAL9jLaY1q_RBkyB6kczKZUiFR5b1r3kuVz8WivWR0Rjj_oaGTg () mail gmail com> you write:backing up a bit in the conversation, perhaps this is just in some regions of comcastlandia? I don't see this in Northern Virginia...I don't see it in New Jersey, either. Is this a direct connection, or a coffee shop sharing a cable connection or something like that?my test was a home consumer cable link, not business grade and not shared (more than cable is).
The phenomena I reported was observed on a consumer cable service (not my own). it is now no-longer in evidence with that same source ip. In answer an intermediate observation, the cpe and the devices on it are sufficiently well understood now to rule them out. from the mail servers vantage point... Nov 27 xxxxx nagasaki sm-mta[5698]: NOQUEUE: tcpwrappers ((reverse).wa.comcast.net, (ip) ) rejection given that the client gives up because it can't startssl and therefore won't attempt to auth. whereas a successful attempt with the same source ip is: Nov 26 xxxxx nagasaki sm-mta[397]: STARTTLS=server, relay=c-(reverse).wa.comcast.net [(ip)], version=TLSv1/SSLv3, verify=NOT, cipher=DHE-RSA-AES128-SHA, bits=128/128
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: Transparent hijacking of SMTP submission..., (continued)
- Re: Transparent hijacking of SMTP submission... Suresh Ramasubramanian (Nov 27)
- Re: Transparent hijacking of SMTP submission... Jay Ashworth (Nov 27)
- Re: Transparent hijacking of SMTP submission... William Herrin (Nov 29)
- Re: Transparent hijacking of SMTP submission... Jay Ashworth (Nov 27)
- Re: Transparent hijacking of SMTP submission... Randy Bush (Nov 29)
- Re: Transparent hijacking of SMTP submission... Sander Steffann (Nov 29)
- Re: Transparent hijacking of SMTP submission... Jean-Francois Mezei (Nov 29)
- Re: Transparent hijacking of SMTP submission... Christopher Morrow (Nov 29)
- Re: Transparent hijacking of SMTP submission... John Levine (Nov 29)
- Re: Transparent hijacking of SMTP submission... Christopher Morrow (Nov 29)
- Re: Transparent hijacking of SMTP submission... joel jaeggli (Nov 29)
- Re: Transparent hijacking of SMTP submission... Christopher Morrow (Nov 29)
- Re: Transparent hijacking of SMTP submission... William Herrin (Nov 30)
- Re: Transparent hijacking of SMTP submission... Sander Steffann (Nov 29)
- Re: Transparent hijacking of SMTP submission... Randy Bush (Nov 29)