[Dshield] SMTP question....

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Mon Aug 8 17:39:03 GMT 2005


On Mon, 08 Aug 2005 11:28:41 MDT, Josh Tolley said:

> It would be tough to send an entire email by spoofing the address 
> without having control over some computer or router close to either the 
> machine that received and reported to spamcop or over Mr. Golodner's 
> email server. That sort of spam would involve several packets, where the 
> source of the attack would have to see the responses from the receiving 
> server to get things like sequence numbers for the connection. Without 
> that control, the sender wouldn't ever see the responses.

No, "spoofed e-mail" usually means that you connected to the target machine's
port 25 via a normal TCP connection, sent it a bogus MAIL FROM and/or RCPT TO,
and in the DATA phase, included From:/To: headers as desired, usually including
one or more forged Received: lines to confuse people and possibly redirect blame
elsewhere....
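A defender-side illustration of the forged Received: lines described above, as an added example that is not part of the original post: only the stamps written by your own MTAs, read from the top down, are evidence, and everything below the first outside peer is sender-supplied text. The message, the hostnames in `TRUSTED_MTAS` and the addresses in `INTERNAL_IPS` are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample: the top Received: was stamped by our own MX; the two
# below it arrived inside the DATA phase and are whatever the sender typed.
RAW = """\
Received: from mail.example.net (unknown [203.0.113.45])
\tby mx1.corp.example (Postfix) with ESMTP id ABC123
\tfor <victim@corp.example>; Mon, 8 Aug 2005 17:30:02 +0000
Received: from relay.bank.example ([198.51.100.7])
\tby mail.example.net with SMTP; Mon, 8 Aug 2005 17:29:40 +0000
Received: from workstation (10.0.0.5) by relay.bank.example; Mon, 8 Aug 2005 17:29:00 +0000
From: "Accounts" <accounts@bank.example>
To: victim@corp.example
Subject: constructed sample

body
"""

TRUSTED_MTAS = {"mx1.corp.example"}  # assumption: hostnames of our own MTAs
INTERNAL_IPS = {"10.1.1.10"}         # assumption: our own internal relays

BY_RE = re.compile(r"\bby\s+([^\s;()]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def classify_received(raw, trusted=TRUSTED_MTAS, internal_ips=INTERNAL_IPS):
    """Return (peer_ip, hops); hops is [(by_host, trusted?)] from the top down."""
    msg = message_from_string(raw)
    hops, peer_ip, descending = [], None, True
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())        # unfold continuation lines
        by = BY_RE.search(flat)
        by_host = by.group(1).lower() if by else None
        ok = descending and by_host in trusted
        if ok:
            ip = IP_RE.search(flat)
            peer_ip = ip.group(1) if ip else None
            # Keep descending only while the peer was one of our own relays;
            # the first outside peer is the real TCP source of the message.
            descending = peer_ip in internal_ips
        else:
            descending = False                # everything below is unverifiable
        hops.append((by_host, ok))
    return peer_ip, hops
```

A lower header that merely claims `by mx1.corp.example` stays untrusted, because trust ends at the first hop whose peer was outside our network.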