[Dshield] New Relay Exploit?
Funk Jr, Joseph C.
jcfunkjr at co.bucks.pa.us
Thu Jan 8 17:10:24 GMT 2004
I absolutely Agree with everything John says, but just want to point out that SMTP Open Relays are often still part of the process, in addition to open proxies. Although not necessary as, of course, you could just connect directly (using the proxy) to the the victims mail server and send mail as anyone to any user with a mailbox on 'that' server, open relay or not. As you mention, this both hides their IP, and also allows for spoofing the return SMTP address.
I feel many use the middle ground still (although this is obviously swinging more and more in the direction you discussed) where they gather proxy addresses and also gather open relay addresses and combine the use of the open proxy with the use of an open relay.
Again, however, I agree things are definately (and have been) heading in that direction.
From: Coxe, John B. [mailto:JOHN.B.COXE at saic.com]
Sent: Wednesday, January 07, 2004 4:47 PM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] New Relay Exploit?
More information about the list