On September 15, 2004 at 00:20 hjp-asrg(_at_)hjp(_dot_)at (Peter J. Holzer)
wrote:
> Why should they? No legitimate user would want to send mail as
> johndoe(_at_)ABordeaux-251-2-10-162(_dot_)w82-125(_dot_)abo(_dot_)wanadoo(_dot_)fr,
> because he will never be able to receive an answer (assuming that this
> is an address in a dynamic address pool). The legitimate user will
> want to send mail as johndoe(_at_)wanadoo(_dot_)fr, or maybe
> johndoe(_at_)bordeaux(_dot_)wanadoo(_dot_)fr.

Well, of course that's sensible, but the point really is that there is
little difference between hijacking your PC and just breaking into
your house and sitting down at your PC, as far as detectability of
intent goes.
So, if the ISP allows your PC to do direct delivery and will ACK your
SPF (however one might say that) then a zombie program on that PC will
be ACKed also.
I see a lot of that
johndoe(_at_)ABordeaux-251-2-10-162(_dot_)w82-125(_dot_)abo(_dot_)wanadoo(_dot_)fr
kind of addressing here but ok, so perhaps it becomes as you say,
johndoe(_at_)wanadoo(_dot_)fr or
johndoe(_at_)bordeaux(_dot_)wanadoo(_dot_)fr.
The point is, if wanadoo.fr's servers will ACK for that PC when the PC
tries to send from johndoe(_at_)wanadoo(_dot_)fr then it'll ACK for a zombie
program running on that PC also.
AND, I contend, there'll be millions of such PCs (infected or not.)
--
-Barry Shein
Software Tool & Die | bzs(_at_)TheWorld(_dot_)com |
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg