Home page logo

basics logo Security Basics mailing list archives

RE: ESTMP Exploits & Security
From: "JTH" <jth () visi com>
Date: Wed, 17 Mar 2004 12:41:12 -0600

-----Original Message-----
From: Dante Mercurio [mailto:Dante () webcti com]
Sent: Wednesday, March 17, 2004 12:35 PM
To: JTH; security-basics () securityfocus com
Subject: RE: ESTMP Exploits & Security

I seem to remember a firewall or gateway product that distinguished
telnet attempts to an SMTP service by the fact that a manual telnet
session sends each character in a separate packet, and a true mail
connection does not.

I don't remember much detail, but may be a good place to start.

I've seen one or two of these; the problem with this is I can go into a
GUI mail client and pop in my client's SMTP server as my SMTP server,
never even needing to open a command line. So while a product like this
would mitigate one form of email spoofing, it's easily worked around.

Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]