On Sat, Jul 31, 2004 at 11:33:46AM -0400, Larry Seltzer wrote:
| This page (http://www.messagelevel.com/spoofing.cfm#spoofex) appears to
| have details on this particular phishing example, although nothing so
| straightforward as an actual message with headers.

A message with headers would be most informative, plus a
description of what OS and TCP software the receiving server
was running.

http://lcamtuf.coredump.cx/newtcp/

If TCP sequence number spoofing remains a viable attack, we
can construct an ESMTP ECHO field of the following form:

20040731-11:49:09 mengwong(_at_)dumbo:~% telnet dumbo 25
Trying 208.210.125.24...
Connected to dumbo.
Escape character is '^]'.
220 dumbo.pobox.com ESMTP Postfix
EHLO dumbo.pobox.com
250-dumbo.pobox.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ECHO 3yw4thwwhw345h2w35w9-huwtruhnsjbfdpsiodbnwaorghj
250 8BITMIME
MAIL FROM:<foo> SUBMITTER=<bar>
ECHO=3yw4thwwhw345h2w35w9-huwtruhnsjbfdpsiodbnwaorghj
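
The receiving side of the ECHO exchange shown in the message above, as an added example that is not part of the original e-mail and not code from Postfix or any other MTA. A blind TCP spoofer cannot read the server's EHLO reply, so it cannot repeat the per-connection value. The function names, the 501/550 reply texts and the host name `mx.example.test` are assumptions made for illustration; ECHO is the keyword proposed in the message, not a registered ESMTP extension.

```python
import hmac
import re
import secrets

# Hypothetical helpers sketching the ECHO idea from the message above.

def new_session():
    """Create per-connection state holding a fresh, unpredictable nonce."""
    return {"nonce": secrets.token_urlsafe(32)}

def ehlo_lines(session, hostname):
    """Build the multi-line EHLO reply, advertising this connection's nonce."""
    items = [hostname, "PIPELINING", "ECHO " + session["nonce"], "8BITMIME"]
    return ["250-" + i for i in items[:-1]] + ["250 " + items[-1]]

_MAIL_RE = re.compile(r"^MAIL FROM:<([^>]*)>(.*)$", re.IGNORECASE)

def parse_mail_params(line):
    """Return the KEY=value parameters of a MAIL FROM line, or None if malformed."""
    m = _MAIL_RE.match(line.strip())
    if not m:
        return None
    params = {}
    for token in m.group(2).split():
        key, _, value = token.partition("=")
        params[key.upper()] = value
    return params

def check_mail_from(session, line):
    """Accept MAIL FROM only if it echoes the nonce sent on this connection."""
    params = parse_mail_params(line)
    if params is None:
        return "501 Syntax error in MAIL command"
    echoed = params.get("ECHO", "")
    # Constant-time comparison so the reply timing does not leak nonce bytes.
    if not hmac.compare_digest(echoed.encode(), session["nonce"].encode()):
        return "550 ECHO value missing or wrong"  # reply code is an assumption
    return "250 Ok"

if __name__ == "__main__":
    s = new_session()
    print("\n".join(ehlo_lines(s, "mx.example.test")))
    print(check_mail_from(s, "MAIL FROM:<foo> SUBMITTER=<bar> ECHO=" + s["nonce"]))
    print(check_mail_from(s, "MAIL FROM:<foo> SUBMITTER=<bar> ECHO=guess"))
```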