[1184] in WWW Security List Archive


Re: mail port [Off Topic]

daemon@ATHENA.MIT.EDU (Jonathon Tidswell)
Mon Nov 20 01:03:34 1995

From: Jonathon Tidswell <t-jont@microsoft.com>
To: chuckie@panix.com
Date: Mon, 20 Nov 95 09:32:23 TZ
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu


Supposedly Alec Peterson <chuckie@panix.com> wrote:

| Kluge writes:
| >
| >It's very easy to send 'anonymous' email via port 25.  You aren't
| >supposed to do it, however, any user can.  It is very easily trackable
| >however...
|
| I would say that calling spoofing mail 'easily trackable' is an
| overstatement.  Certainly it is trivial to trace it to the machine
| that originated the message.  But if the machine is being heavily used
| (ie, has many people logged in), it is far from trivial to narrow it
| down to who did it.  Also, it becomes even harder if any of these
| users have access to cron/at, making it possible to run the job
| virtually any time without being logged in.

Unfortunately he understated the problem.
I have seen a convincing description of how to use remote network
daemons other than sendmail to send SMTP mail.
Thus you can't even track back to the originating *machine*, let alone the user.

However, this is not the place, so I won't go into details.
[ It's unlikely you'd convince me as to your identity anyway. ]

- Jon Tidswell


