ietf-asrg

Re: [Asrg] 1. inventory of problems draft 2

2003-04-11 08:22:43
In <4.3.2.7.2.20030411075710.02d3f100@mail.tds.net>
 Brad Spencer <brad.madison@mail.tds.net> writes:

Evading accountability
        - forging envelope sender
        - forging From header

Very typically they HELO with a false identity.

Unless I'm missing something, aren't HELO commands optional and just
add, effectively, a comment from the sender MTA to the receiver MTA?
EHLO does provide information about the SMTP extensions that the
receiver MTA supports, but it is still optional.


There's asymmetric IP spam sending - Ralsky used that in Dallas, don't
know if he (or anyone) does now.  He had a link between a system with
a fast internet connection and a system with a dialup line (could
easily all be on the same system).  He spoofed the dialup IP in the
packets sent out on the fast connection.  The reply packets came back
through the dialup system.

How did he get around the three way handshake of a TCP connection and
the random sequence numbers?  Did he have a back channel from the slow
system to the fast system?


Evasion of human caution
        - fake DSN

DNS?

Maybe, or maybe "Delivery Status Notification".  That is, the expanded
SMTP error codes.



-wayne

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
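The thread notes that spammers "HELO with a false identity" and that the HELO argument is effectively an unverified comment. As an added example (not code from the thread or from anyone on the list), here is the kind of forward-confirmation check a receiving MTA can log for a HELO/EHLO argument: it validates the syntax (FQDN or address literal) and compares the name's forward DNS against the connecting IP. The `FORWARD_DNS` table is a constructed stand-in for a real resolver so the code runs offline, and the `check_helo` name is mine; RFC 2821 §4.1.4 says a server MUST NOT reject a message solely because this verification fails, so the result is scoring and logging input, not a rejection criterion.

```python
import ipaddress
import re

# Constructed forward-DNS table standing in for a live resolver (assumption:
# a production MTA would perform an actual A/AAAA lookup here).
FORWARD_DNS = {
    "mx1.example.net": {"192.0.2.10"},
    "mail.example.org": {"198.51.100.7", "198.51.100.8"},
}

# One DNS label: letters/digits, optional hyphens inside, 1-63 characters.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
# A fully qualified name needs at least two labels separated by dots.
_FQDN_RE = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}$")


def parse_helo_argument(arg):
    """Classify a HELO/EHLO argument as ('fqdn', name), ('literal', ip)
    or ('invalid', original) following the RFC 2821 grammar."""
    arg = arg.strip()
    if arg.startswith("[") and arg.endswith("]"):
        body = arg[1:-1]
        if body.lower().startswith("ipv6:"):  # [IPv6:...] literal form
            body = body[5:]
        try:
            return ("literal", str(ipaddress.ip_address(body)))
        except ValueError:
            return ("invalid", arg)
    name = arg.rstrip(".")  # tolerate a trailing root dot
    if _FQDN_RE.match(name):
        return ("fqdn", name.lower())
    return ("invalid", arg)


def check_helo(arg, peer_ip, resolver=FORWARD_DNS):
    """Return 'consistent', 'mismatch', 'unresolvable' or 'invalid' for the
    HELO argument seen from peer_ip. Advisory only: per RFC 2821 4.1.4 a
    mismatch is for logging and tracing, never by itself a reason to refuse."""
    kind, value = parse_helo_argument(arg)
    if kind == "invalid":
        return "invalid"
    if kind == "literal":
        return "consistent" if value == peer_ip else "mismatch"
    addrs = resolver.get(value)
    if not addrs:
        return "unresolvable"
    return "consistent" if peer_ip in addrs else "mismatch"
```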