
Re: [Asrg] 1. inventory of problems draft 2



In <4.3.2.7.2.20030411075710.02d3f100@mail.tds.net> Brad Spencer <brad.madison@mail.tds.net> writes:

> >Evading accountability
> >         - forging envelope sender
> >         - forging From header
> 
> Very typically they HELO with a false identity.

Unless I'm missing something, aren't HELO commands optional and just
add, effectively, a comment from the sender MTA to the receiver MTA?
EHLO does provide information about the SMTP extensions that the
receiver MTA supports, but it is still optional.


> There's asymmetric IP spam sending - Ralsky used that in Dallas, don't
> know if he (or anyone) does now.  He had a link between a system with
> a fast internet connection and a system with a dialup line (could
> easily all be on the same system).  He spoofed the dialup IP in the
> packets sent out on the fast connection.  The reply packets came back
> through the dialup system.

How did he get around the three way handshake of a TCP connection and
the random sequence numbers?  Did he have a back channel from the slow
system to the fast system?


> >Evasion of human caution
> >         - fake DSN
> 
> DNS?

Maybe, or maybe "Delivery Status Notification".  That is, the expanded
SMTP error codes.



-wayne
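The HELO/EHLO exchange the two posters are discussing, as an added example that is not part of the thread or of any list member's code: a small model of the receiving side, which parses the greeting, answers EHLO with the extension list the receiver supports (HELO gets no list), records the claimed identity next to the verified peer address in a Received header, and flags greetings whose claim cannot be true of the connection. The host names, addresses and the extension list are constructed for the example, and the mismatch check is a generic consistency rule, not anything the thread prescribes.

```python
import ipaddress
import re

# Constructed example: extensions this hypothetical receiver advertises in
# its EHLO reply (assumption, not taken from the thread).
SUPPORTED_EXTENSIONS = ("SIZE 10485760", "8BITMIME", "STARTTLS", "ENHANCEDSTATUSCODES")

# Host name syntax: labels of 1-63 alphanumerics/hyphens joined by dots.
_DOMAIN_RE = re.compile(
    r"^(?=.{1,255}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def parse_greeting(line):
    """Parse 'HELO x' or 'EHLO x'; return (verb, identity) or raise ValueError.

    The identity must be a host name or an address literal such as
    [192.0.2.5]; anything else is a syntax error the server answers with 501.
    """
    parts = line.strip().split()
    if len(parts) != 2 or parts[0].upper() not in ("HELO", "EHLO"):
        raise ValueError("501 Syntax: HELO/EHLO hostname")
    verb, ident = parts[0].upper(), parts[1]
    if ident.startswith("[") and ident.endswith("]"):
        ipaddress.ip_address(ident[1:-1])  # raises ValueError if malformed
    elif not _DOMAIN_RE.match(ident):
        raise ValueError("501 Syntax: invalid hostname")
    return verb, ident


def is_valid_greeting(line):
    """Boolean wrapper around parse_greeting for callers that only need a yes/no."""
    try:
        parse_greeting(line)
        return True
    except ValueError:
        return False


def ehlo_reply(local_name, verb):
    """Build the server's reply lines. Only EHLO elicits the extension list;
    a plain HELO is answered with a single 250 line."""
    if verb == "HELO":
        return [f"250 {local_name}"]
    lines = [f"250-{local_name}"]
    lines += [f"250-{ext}" for ext in SUPPORTED_EXTENSIONS[:-1]]
    lines.append(f"250 {SUPPORTED_EXTENSIONS[-1]}")
    return lines


def received_header(helo_ident, peer_ip, ptr_name, local_name):
    """Record the claimed greeting name beside the verified peer address,
    which is what makes a false HELO auditable after the fact."""
    rdns = ptr_name if ptr_name else "unknown"
    return f"Received: from {helo_ident} ({rdns} [{peer_ip}]) by {local_name} with ESMTP"


def helo_inconsistent(helo_ident, peer_ip, ptr_name, local_name):
    """Flag a greeting whose claimed identity cannot be true of this connection:
    the client claims to be this very server, gives an address literal other
    than its own address, or gives a name that does not match the peer's
    reverse-DNS name (ptr_name is None when no PTR record exists)."""
    ident = helo_ident.lower()
    if ident == local_name.lower():
        return True
    if ident.startswith("["):
        return ident[1:-1] != peer_ip
    return ptr_name is None or ident != ptr_name.lower()


if __name__ == "__main__":
    # Constructed session: the peer connects from 192.0.2.5 with PTR host.example.net
    verb, ident = parse_greeting("EHLO host.example.net")
    for reply in ehlo_reply("mx.example.org", verb):
        print(reply)
    print(received_header(ident, "192.0.2.5", "host.example.net", "mx.example.org"))
    print("inconsistent:", helo_inconsistent(ident, "192.0.2.5", "host.example.net", "mx.example.org"))
```

The header line is the defender's record: the name the client claimed sits next to the address the connection actually came from, so a mismatch can be scored or logged without trusting the greeting itself. Real MTAs apply looser or stricter versions of the consistency rule; the one here is deliberately simple.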

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg