ietf-mxcomp

Re: How would SPF or Sender Id caught this one?

2004-07-31 09:43:54

In <200407311534(_dot_)i6VFYB8c076342(_at_)above(_dot_)proper(_dot_)com>
"Larry Seltzer" <larry(_at_)larryseltzer(_dot_)com> writes:

This page (http://www.messagelevel.com/spoofing.cfm#spoofex) appears to
have details on this particular phishing example, although nothing so
straightforward as an actual message with headers. 


This web page appears to have a large error.  It claims:

    However, email delivery is basically a ONE WAY BROADCAST
    transaction. Meaning that your computer isn't really requesting
    anything of the other computer, it's simply delivering in a
    broadcast sense. This means that you can drop emails into the
    internet stream any where in the world, write the appropriate from
    addresses and origination IP addresses into the "text" headers of
    the email and they'll be delivered. It's that simple. [snip]


It is not that simple.  All TCP connections, SMTP included, use a 
three-way handshake to start up the connection.  This means that email
is *not* a one way broadcast; there *is* a request from your computer
to the sender.

If the operating system on the receiving MTA uses good, random
sequence numbers, IP spoofing will be hard enough to do to make it
impractical.  All major OSes that are reasonably current have
sufficiently random sequence numbers and many OSes have been secure
for much longer.


I agree with others: we need far more details about the actual email
and the receiving OS that was involved.


-wayne
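
An added example, not part of the message above: a toy model of the handshake point it makes, showing why a sender that forges its source IP cannot open an SMTP connection when the receiving stack picks random initial sequence numbers (ISNs). The `Receiver` class, the fixed `STEP` increment and the starting counter are constructed for illustration; no packets are sent.

```python
import random

MOD = 2**32
STEP = 64000  # constructed fixed increment for the weak ISN generator


class Receiver:
    """Toy model of the receiving MTA's TCP stack; no packets are sent."""

    def __init__(self, random_isn, seed=1):
        self.random_isn = random_isn
        self.rng = random.Random(seed)  # seeded so the demo is reproducible
        self.counter = 1000             # constructed starting value
        self.pending = None

    def syn(self):
        """Handle a SYN; return the ISN carried in the SYN-ACK."""
        if self.random_isn:
            self.pending = self.rng.getrandbits(32)
        else:
            self.counter = (self.counter + STEP) % MOD
            self.pending = self.counter
        return self.pending

    def ack(self, ack_number):
        """The connection opens only if the ACK echoes ISN + 1."""
        return ack_number == (self.pending + 1) % MOD


def real_client_connects(receiver):
    """A sender at its true address receives the SYN-ACK and can answer it."""
    isn = receiver.syn()
    return receiver.ack((isn + 1) % MOD)


def blind_completions(receiver, trials=1000):
    """Count handshakes completed by a sender that never sees the SYN-ACK
    (it went to the claimed source address) and must infer the ISN from the
    last one it saw on a connection from its own address."""
    hits = 0
    for _ in range(trials):
        seen = receiver.syn()   # own connection: ISN is visible
        receiver.syn()          # forged-source SYN: reply goes elsewhere
        hits += receiver.ack((seen + STEP + 1) % MOD)
    return hits


if __name__ == "__main__":
    print("real client, random ISN:", real_client_connects(Receiver(True)))
    print("blind, fixed-step ISN  :", blind_completions(Receiver(False)), "/ 1000")
    print("blind, random ISN      :", blind_completions(Receiver(True)), "/ 1000")
```

With the fixed-step generator every blind handshake completes; with random ISNs each attempt has a 1 in 2^32 chance, which is the sense in which the handshake makes SMTP a two-way exchange tied to the real source address.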