[Dshield] SMTP question....
Valdis.Kletnieks at vt.edu
Mon Aug 8 17:39:03 GMT 2005
On Mon, 08 Aug 2005 11:28:41 MDT, Josh Tolley said:
> It would be tough to send an entire email by spoofing the address
> without having control over some computer or router close to either the
> machine that received and reported to spamcop or over Mr. Golodner's
> email server. That sort of spam would involve several packets, where the
> source of the attack would have to see the responses from the receiving
> server to get things like sequence numbers for the connection. Without
> that control, the sender wouldn't ever see the responses.
No, "spoofed e-mail" usually means that you connected to the target machine's
port 25 via a normal TCP connection, sent it a bogus MAIL FROM and/or RCPT TO,
and in the DATA phase, included From:/To: headers as desired, usually including
one or more forged Received: lines to confuse people and possibly redirect blame
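
Added example, not part of the original post: because Received: lines sent in the DATA phase can be forged, a receiver can rely only on the line its own MTA prepended, which records the IP of the real TCP peer. The sketch below assumes Postfix-style Received: lines; the hostnames, IPs, OUR_MTA_NAMES, OUR_RELAY_IPS and the sample message are constructed for illustration.

```python
import email
import re

# Assumptions: names our own MTAs stamp in "by ...", and our internal relay IPs.
OUR_MTA_NAMES = {"mx.example.org"}
OUR_RELAY_IPS = {"192.0.2.10"}

# Constructed sample. The top Received: line was prepended by our MTA;
# the second one arrived inside DATA and is whatever the client chose to send.
SAMPLE = """\
Received: from mail.sender.example (unknown [203.0.113.45])
\tby mx.example.org (Postfix) with ESMTP id 4F2A1C
\tfor <user@example.org>; Mon,  8 Aug 2005 17:20:01 +0000 (UTC)
Received: from relay.innocent.example (relay.innocent.example [198.51.100.7])
\tby mail.sender.example with SMTP; Mon,  8 Aug 2005 17:19:40 +0000
From: someone@innocent.example
To: user@example.org
Subject: constructed sample

body
"""

# "from <helo> (<rdns> [<ip>]) by <host>" as written by Postfix-style MTAs.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\[\]]*)\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def find_smtp_peer(raw):
    """Return (peer_ip, unverified_lines).

    Walk Received: lines newest first. A line is trusted only if one of our
    MTAs wrote it. The first trusted line whose recorded peer is not one of
    our own relays names the real SMTP client; every line below it was
    supplied by that client, whatever it claims, and is returned unverified.
    """
    hops = email.message_from_string(raw).get_all("Received", [])
    for i, value in enumerate(hops):
        m = HOP.search(value)
        if not m or m["by"].lower() not in OUR_MTA_NAMES:
            return None, hops[i:]          # not written by us: nothing to trust
        if m["ip"] not in OUR_RELAY_IPS:
            return m["ip"], hops[i + 1:]   # external peer found; stop trusting here
    return None, []

if __name__ == "__main__":
    peer, unverified = find_smtp_peer(SAMPLE)
    print("SMTP peer:", peer, "| unverified Received lines:", len(unverified))
```

The trust decision rests on the peer IP our own server logged, not on any hostname in the header, since HELO names and lower Received: lines are client-controlled.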