RE:
Do you agree? If so, then I think this is important to mention
because it significantly reduces the risk level associated with
the vulnerability you're writing about; one cannot easily launch
this type of attack from anywhere on the Internet.
I disagree because "anywhere on the internet" has to include the thousands of
trojaned workstations
(and even servers) that are in the wild.
Terry Fielder
Manager Software Development and Deployment
Great Gulf Homes / Ashton Woods Homes
terry(_at_)greatgulfhomes(_dot_)com
Fax: (416) 441-9085
-----Original Message-----
From: owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org
[mailto:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org]On Behalf Of Daryl
Odnert
Sent: Tuesday, August 31, 2004 12:48 PM
To: 'Chris Haynes'; IETF MARID WG
Subject: RE: TECH-OMISSION: Security vulnerability - Malicious DSNattacks
Chris Haynes wrote:
Normally, only MTAs that are operated by (or trusted by) V for outbound
SMTP mail processing would be configured this way. Therefore, the attack
is only likely to occur if it can be launched from an IP address that
normally submits mail from V to P.
Do you agree? If so, then I think this is important to mention
because it significantly reduces the risk level associated with
the vulnerability you're writing about; one cannot easily launch
this type of attack from anywhere on the Internet.
Regards,
Daryl Odnert
Tumbleweed Communications
Redwood City, California