On Sat, 31 Jul 2004, Meng Weng Wong wrote:
On Sat, Jul 31, 2004 at 11:33:46AM -0400, Larry Seltzer wrote:
| This page (http://www.messagelevel.com/spoofing.cfm#spoofex) appears to
| have details on this particular phishing example, although nothing so
| straightforward as an actual message with headers.
A message with headers would be most informative, plus a
description of what OS and TCP software the receiving server
If TCP sequence number spoofing remains a viable attack, we
can construct an ESMTP ECHO field of the following form:
Spoofing TCP is quite difficult as TCP relies on acknowledgements from both
sides on each transmission. It takes very very very careful planning to
do it right and get all the data properly timed.
On the other hand, spoofing UDP is easy (it's generally one-way communication
with no real establishment of sessions, etc.) so if somebody really wanted
to get by with the appearance of an existing SPF record they could do it by
spoofing DNS TXT at the time of connection.
BTW - I strongly suspect the real USBANK IP address given came from a forged
Received header but that the actual connection that delivered that phishing
email really came from another IP.