In <200407311534(_dot_)i6VFYB8c076342(_at_)above(_dot_)proper(_dot_)com> "Larry
Seltzer" <larry(_at_)larryseltzer(_dot_)com> writes:

> This page (http://www.messagelevel.com/spoofing.cfm#spoofex) appears to
> have details on this particular phishing example, although nothing so
> straightforward as an actual message with headers.

This web page appears to have a large error. It claims:

    However, email delivery is basically a ONE WAY BROADCAST
    transaction. Meaning that your computer isn't really requesting
    anything of the other computer, it's simply delivering in a
    broadcast sense. This means that you can drop emails into the
    internet stream any where in the world, write the appropriate from
    addresses and origination IP addresses into the "text" headers of
    the email and they'll be delivered. It's that simple. [snip]

It is not that simple. All TCP connections, SMTP included, use a
three-way handshake to start up the connection. This means that email
is *not* a one way broadcast, there *is* a request from your computer
to the sender.

If the operating system on the receiving MTA uses good, random
sequence numbers, IP spoofing will be hard enough to do to make it
impractical. All major OSes that are reasonably current have
sufficiently random sequence numbers and many OSes have been secure
for much longer.

I agree with others, we need far more details about the actual email
and the receiving OS that was involved.

-wayne
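
Added example, not part of the original message: when reading "an actual message with headers", the only origin IP worth trusting is the one your own MTA recorded from the completed TCP connection, while every Received line beneath it is text the sending side could have written. The sketch below separates the two; the sample message, hostnames, documentation-range IPs, the Postfix-style trace format and the `split_hops` helper are all assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample, not a message from this thread. Hostnames are
# hypothetical; the IPs come from the reserved documentation ranges.
SAMPLE = (
    "Received: from mail.bank.example (unknown [203.0.113.77])\n"
    "\tby mx.recipient.example (Postfix) with SMTP id 4F1A2;\n"
    "\tSat, 31 Jul 2004 15:40:02 -0400\n"
    "Received: from internal.bank.example ([192.0.2.10])\n"
    "\tby mail.bank.example with ESMTP; Sat, 31 Jul 2004 15:39:58 -0400\n"
    'From: "Bank Security" <security@bank.example>\n'
    "To: user@recipient.example\n"
    "Subject: Verify your account\n"
    "\n"
    "Please confirm your details.\n"
)

# Assumed trace format (Postfix style): from HELO (rdns [ip]) by HOST ...
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\[\]()]*?)\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)",
    re.S,
)

def split_hops(raw, trusted_mtas):
    """Return (boundary, unverified).

    boundary: the deepest Received line in the unbroken run, counted from
    the top, that was stamped by one of our own MTAs. Its bracketed IP is
    the peer address of a completed TCP handshake.
    unverified: every hop below it, which is sender-supplied text.
    """
    hops = [m.groupdict()
            for value in message_from_string(raw).get_all("Received", [])
            if (m := RECEIVED_RE.search(value))]
    boundary, unverified = None, hops
    for i, hop in enumerate(hops):
        if hop["by"].lower() not in trusted_mtas:
            break  # first line not written by us: stop trusting here
        boundary, unverified = hop, hops[i + 1:]
    return boundary, unverified

if __name__ == "__main__":
    edge, rest = split_hops(SAMPLE, {"mx.recipient.example"})
    print("TCP peer seen by our MTA:", edge["ip"], "HELO claimed:", edge["helo"])
    for hop in rest:
        print("unverified header text:", hop["ip"], "by", hop["by"])
```

The HELO name and reverse-DNS field on the boundary line are still claims made by the peer; only the bracketed address comes from the connection itself.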