[2347] in WWW Security List Archive


Re: Email Hack: Help.

daemon@ATHENA.MIT.EDU (Ben Camp)
Mon Jul 8 11:57:55 1996

Date: Mon, 08 Jul 1996 08:39:44 -0500
To: Doug Breault <dbreault@ns.sprintout.com>,
        World Wide Web Security <WWW-SECURITY@ns2.rutgers.edu>
From: Ben Camp <benc@geocel.com>
Errors-To: owner-www-security@ns2.rutgers.edu

The one thing that no one here has come out and said is that it is quite
possible there is no hacker trying to maliciously penetrate your system.

Read RFC822 for information on the SMTP protocol or telnet to your POP3 port
and RETR some messages to see the actual headers.  There is no knowledge of
anything necessary to change the From: address.  You can make it as
realistic as you like by just typing whatever you want in your "Real Name"
and "Return Address" fields.

SMTP requires no authentication, and if it did would require knowledge of
authentication by every single server on the Internet and every client
without a restructuring of the way DNS is set up all over the world. I
hardly believe someone mailing out get rich quick schemes deserves to be
prosecuted; instead they should be left to wither in their own mongoloidocity.

As for CERT..., how many times a day do you think CERT gets a call or an
Email about fake email?  What do you want them to do?  Rewrite the RFC for
SMTP? They are the Computer Emergency Response Team.  You're trying to call
911 and the FBI over a cat stuck in a tree. 

Ben Camp
Geocel International

To join the WebTools Mailing List, for discussions of shareware and
commercial WWW Analysis, Monitoring, Security, CGI Scripts, and other useful
tools.

Email:
listserv@geocel.com

In the body of your message put:
subscribe webtools

>We've got a problem here with a hacker. There's some punk 
>apparently hacking a mail server somewhere and sending BS postings all over 
>the net regarding get rich quick schemes, etc - from a non-existent 
>account on our server. They've done it twice so far, from two different 
>non-existent accounts.

>1. Is there any authority who we can call about this type of incident?
>2. What are the methods one uses to fake these FROM fields? And is 
>   there a way to prevent it?
>3. What are the limits of prosecution available, is it typical US justice
>   where even if they're caught red handed, nothing is done?
