[1181] in WWW Security List Archive
Re: mail port [Off Topic]
daemon@ATHENA.MIT.EDU (Rafi Sadowsky)
Fri Nov 17 05:19:07 1995
Date: Fri, 17 Nov 1995 08:46:13 +0200 (IST)
From: Rafi Sadowsky <rafi@tavor.openu.ac.il>
To: "Alec H. Peterson" <chuckie@panix.com>
Cc: Kluge <gfoulds@asel.udel.edu>, rfjimen@tesuque.cs.sandia.gov,
www-security@ns2.rutgers.edu
In-Reply-To: <199511162329.SAA06163@panix4.panix.com>
Errors-To: owner-www-security@ns2.rutgers.edu
1) I suggest moving this off www-security - I don't see the relevance ...
2) if the source (multiuser) machine is running an ident/auth server
and the destination MTA (say sendmail) logs the owner of the TCP connection
using it (say the forger is not clever enough to cover his tracks using
a VM machine - then tracing the source machine even can be quite hard :-( )
I speak from experience - having tracked down SMTP mail forgers ...
(running outgoing telnet through a socks server that logs the
source/dest port+host+ local machine doesn't hurt either - if you are
tracking down a forgery from your site to one that doesn't log ident info)
P.S. - please don't start a flame war about the security of ident/auth
a good case can be made that they are just as secure as rsh/rlogin
but that is really off topic
--
Rafi Sadowsky rafi@tavor.openu.ac.il
[postmaster@openu.ac.il] FAX: +972-3-6460744
On Thu, 16 Nov 1995, Alec H. Peterson wrote:
> Kluge writes:
> >
> >It's very easy to send 'anonymous' email via port 25. You aren't
> >supposed to do it, however, any user can. It is very easily trackable
> >however...
>
> I would say that calling spoofing mail 'easily trackable' is an
> overstatement. Certainly it is trivial to trace it to the machine
> that originated the message. But if the machine is being heavily used
> (ie, has many people logged in), it is far from trivial to narrow it
> down to who did it. Also, it becomes even harder if any of these
> users have access to cron/at, making it possible to run the job
> virtually any time without being logged in.
>
> Alec
>
> --
> +------------------------------------+--------------------------------------+
> |Alec Peterson - chuckie@panix.com | Panix Public Access UNIX and Internet|
> |Network Administrator | New York City, NY |
> +------------------------------------+--------------------------------------+
>
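The ident/auth lookup mentioned in the reply above, as an added example that is not part of the original messages: a receiving host that wants to log the owner of an incoming SMTP connection sends an RFC 1413 query to port 113 on the connecting machine and parses the one-line answer. The function names and sample replies are constructed for illustration; the parser checks that the reply matches the queried port pair and escapes the returned identifier before it reaches a log.

```python
import re

# RFC 1413 error tokens; tokens starting with "X" are site-specific extensions.
ERRORS = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}

def build_query(peer_port, local_port):
    """Bytes sent to TCP port 113 on the connecting host: its port, then ours."""
    return f"{peer_port}, {local_port}\r\n".encode("ascii")

def log_safe(octets):
    """Escape non-printable octets so a reply cannot forge or split log lines."""
    return "".join(chr(b) if 32 <= b < 127 and b != 92 else f"\\x{b:02x}" for b in octets)

def parse_reply(raw, peer_port, local_port):
    """Parse one ident reply for the queried port pair; raise ValueError if bad."""
    line = raw.split(b"\n", 1)[0]
    line = line[:-1] if line.endswith(b"\r") else line
    if len(line) > 1000 or b"\x00" in line or b"\r" in line:
        raise ValueError("malformed ident reply")
    parts = line.split(b":", 3)          # the user-id itself may contain ':'
    if len(parts) < 3:
        raise ValueError("too few fields")
    m = re.fullmatch(rb"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*", parts[0])
    if not m or (int(m[1]), int(m[2])) != (peer_port, local_port):
        raise ValueError("reply is not for the connection we asked about")
    kind = parts[1].strip().upper()
    if kind == b"ERROR":
        token = log_safe(b":".join(parts[2:]).strip()).upper()
        if token not in ERRORS and not token.startswith("X"):
            token = "UNKNOWN-ERROR"
        return {"status": "error", "error": token}
    if kind != b"USERID" or len(parts) != 4 or not parts[3]:
        raise ValueError("unrecognised reply type")
    opsys, _, charset = parts[2].partition(b",")
    return {
        "status": "userid",
        "opsys": log_safe(opsys.strip()).upper(),
        "charset": log_safe(charset.strip()).upper() or "US-ASCII",
        # Kept verbatim: RFC 1413 says spaces after the colon belong to the user-id.
        "user": log_safe(parts[3]),
    }

if __name__ == "__main__":
    # Constructed replies for a connection from peer port 6193 to local port 25.
    for sample in (b"6193, 25 : USERID : UNIX :jdoe\r\n", b"6193,25:ERROR:HIDDEN-USER\r\n"):
        print(parse_reply(sample, 6193, 25))
```

An `opsys` of `OTHER` means the returned string is not necessarily a login name on the source machine, so it should be logged as an opaque token.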