ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: How would SPF or Sender Id caught this one?

2004-07-31 08:51:45
from [Meng Weng Wong] [Permanent Link] 

On Sat, Jul 31, 2004 at 11:33:46AM -0400, Larry Seltzer wrote:
| This page (http://www.messagelevel.com/spoofing.cfm#spoofex) appears to
| have details on this particular phishing example, although nothing so
| straightforward as an actual message with headers. 

A message with headers would be most informative, plus a
description of what OS and TCP software the receiving server
was running.

http://lcamtuf.coredump.cx/newtcp/

If TCP sequence number spoofing remains a viable attack, we
can construct an ESMTP ECHO field of the following form:

  20040731-11:49:09 mengwong(_at_)dumbo:~% telnet dumbo 25
  Trying 208.210.125.24...
  Connected to dumbo.
  Escape character is '^]'.
  220 dumbo.pobox.com ESMTP Postfix
  EHLO dumbo.pobox.com
  250-dumbo.pobox.com
  250-PIPELINING
  250-SIZE 10240000
  250-VRFY
  250-ETRN
  250-ECHO 3yw4thwwhw345h2w35w9-huwtruhnsjbfdpsiodbnwaorghj
  250 8BITMIME
  MAIL FROM:<foo> SUBMITTER=<bar> 
ECHO=3yw4thwwhw345h2w35w9-huwtruhnsjbfdpsiodbnwaorghj
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: How would SPF or Sender Id caught this one?, Larry Seltzer
Next by Date:  Different Sender-ID definition, Douglas Otis
Previous by Thread:  Re: How would SPF or Sender Id caught this one?, Richard Parker
Next by Thread:  Re: How would SPF or Sender Id caught this one?, william(at)elan.net
Indexes:  [Date] [Thread] [Top] [All Lists]