[176414] in North American Network Operators' Group
Transparent hijacking of SMTP submission...
daemon@ATHENA.MIT.EDU (joel jaeggli)
Thu Nov 27 14:54:30 2014
X-Original-To: nanog@nanog.org
Date: Thu, 27 Nov 2014 11:54:15 -0800
From: joel jaeggli <joelja@bogus.com>
To: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
I don't see this in my home market, but I do see it in someone else's...
I kind of expect this for port 25 but...
J@mb-aye:~$telnet 147.28.0.81 587
Trying 147.28.0.81...
Connected to nagasaki.bogus.com.
Escape character is '^]'.
220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014
19:17:44 GMT
ehlo bogus.com
250-nagasaki.bogus.com Hello XXXXXXXXXXXXXXX.wa.comcast.net
[XXX.XXX.XXX.XXX], pleased to meet you
250 ENHANCEDSTATUSCODES
J@mb-aye:~$telnet 2001:418:1::81 587
Trying 2001:418:1::81...
Connected to nagasaki.bogus.com.
Escape character is '^]'.
220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014
19:18:33 GMT
ehlo bogus.com
250-nagasaki.bogus.com Hello
[IPv6:2601:7:2380:XXXX:XXXX:XXXX:c1ae:7d73], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP
That's essentially a downgrade attack on my ability to use encryption,
which seems to be in pretty poor taste, frankly.
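Added example, not part of the original message: a small check that parses the EHLO replies from the two sessions quoted above and reports which ESMTP capabilities one network path no longer advertises. The function names are hypothetical, and treating the fuller (IPv6) reply as the reference is an assumption.

```python
import re

# Transcripts copied from the message above; function names below are hypothetical.
V4_SESSION = """220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014
19:17:44 GMT
ehlo bogus.com
250-nagasaki.bogus.com Hello XXXXXXXXXXXXXXX.wa.comcast.net
[XXX.XXX.XXX.XXX], pleased to meet you
250 ENHANCEDSTATUSCODES
"""
V6_SESSION = """220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014
19:18:33 GMT
ehlo bogus.com
250-nagasaki.bogus.com Hello
[IPv6:2601:7:2380:XXXX:XXXX:XXXX:c1ae:7d73], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP
"""
REPLY = re.compile(r"^(\d{3})([ -])(.*)$")  # code, continuation marker, text

def ehlo_capabilities(transcript):
    """Return the ESMTP keywords advertised in the 250 reply that follows EHLO."""
    caps, seen_ehlo, first = set(), False, True
    for line in transcript.splitlines():
        m = REPLY.match(line.strip())
        if line.lower().startswith("ehlo"):
            seen_ehlo = True
        if not (seen_ehlo and m and m.group(1) == "250"):
            continue  # greeting, client command, or wrapped continuation text
        if first:
            first = False  # first 250 line is the server's hello text, not a keyword
        elif m.group(3).split():
            caps.add(m.group(3).split()[0].upper())
        if m.group(2) == " ":
            break  # "250 " followed by a space marks the final line of the reply
    return caps

def compare_paths(reference, suspect):
    # Keywords present on the reference path but absent on the suspect path.
    missing = sorted(ehlo_capabilities(reference) - ehlo_capabilities(suspect))
    return {"missing": missing, "starttls_stripped": "STARTTLS" in missing,
            "auth_stripped": "AUTH" in missing}
```

Calling compare_paths(V6_SESSION, V4_SESSION) flags both STARTTLS and AUTH as missing from the IPv4 session. A submission client configured to require STARTTLS fails closed in that situation rather than sending credentials in the clear.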