On Wed, Sep 14, 2005 at 08:26:54PM -0400, Robert E.Seastrom wrote:
...
When ARPA and MILNET were segmented in 1984, there were
(Fuzzball-based IIRC) mail gateways between the two networks.
...
I hadn't thought back to that. From what I remember of the intent, and
the little I knew about the
Application layer firewalls have existed for at least 6 years.
Make that 15
I suspect that claiming that they existed farther back than 1990 would
require careful debate about the functionality.
Taking it at its most general: a boundary barrier service that mediated
particular
On Wed, 14 Sep 2005, Roy Badami wrote:
Perhaps because most telnet clients will attempt telnet option
negotiation?
No they won't. I don't have any copies of BSD to hand from before 1987,
but even then Berkeley Telnet would not do unsolicited option negotiation
if you specified a port number.
On 9/14/05, Mike Tancsa [EMAIL PROTECTED] wrote:
Port 587?
Not everyone implements that. You would make a large part of the
internet unreachable via email
vinyl# telnet mx2.mail.yahoo.com 587
Trying 67.28.114.36...
telnet: connect to address 67.28.114.36: Connection refused
Trying
does anyone else find it highly odd and
worrisome that they're sending emails to alert FEMA of a crisis,
instead of, I don't know - phone calls? if I'm a federal agency and I
require FEMA's resources immediately, I'm going to pick up the phone
and call them; not fire off an email marked
At 07:28 AM 14/09/2005, Suresh Ramasubramanian wrote:
On 9/14/05, Mike Tancsa [EMAIL PROTECTED] wrote:
Port 587?
Not everyone implements that. You would make a large part of the
internet unreachable via email
vinyl# telnet mx2.mail.yahoo.com 587
Trying 67.28.114.36...
telnet: connect to
On Tue, Sep 13, 2005 at 11:09:54PM -0700, Dave Crocker wrote:
Application layer firewalls have existed for at least 6 years.
Make that 15
I suspect that claiming that they existed farther back than 1990 would
require careful debate about the functionality.
Taking it at its most
Joseph S D Yao [EMAIL PROTECTED] writes:
Dave,
I think the mail gateways back when the various networks were being put
together into an internet had as their functional purpose unifying
disparate networks. On the contrary, a firewall has as its purpose
partitioning a network that
In message [EMAIL PROTECTED], Joseph S D Yao writes:
On Tue, Sep 13, 2005 at 11:09:54PM -0700, Dave Crocker wrote:
I think the mail gateways back when the various networks were being put
together into an internet had as their functional purpose unifying
disparate networks. On the contrary, a
This is the first I've heard of this...
Via The Inquirer:
[snip]
REPORTERS at the Wall Street Journal said they have seen documents which show
that a swift response by the US federal government to Hurricane Katrina was
hampered because FEMA computer servers crashed.
Michael Brown, FEMA's
on Tue, Sep 13, 2005 at 01:13:19PM +, Fergie (Paul Ferguson) quoth:
Attempts by agencies to spur the Federal Emergency Management Agency
into urgent action were met with bouncing emails, the Journal said.
It quoted a Department of Health official as saying every email it had
sent to
At 09:31 AM 13/09/2005, Steven Champeon wrote:
Does anyone know what their mail infrastructure looks like? From what I
can see, they don't even have an MX record for fema.gov...
No MX record, and the A record for fema.gov does not accept smtp traffic.
# telnet fema.gov smtp
Trying
On Tue, 13 Sep 2005, Fergie (Paul Ferguson) wrote:
It quoted a Department of Health official as saying every email it had
sent to FEMA staff bounced. They need a better internet provider during
disasters, the Journal quoted her or him as saying.
A number of US agencies made desperate calls
In message [EMAIL PROTECTED], william(at)elan.net writes:
On Tue, 13 Sep 2005, Fergie (Paul Ferguson) wrote:
It quoted a Department of Health official as saying every email it had
sent to FEMA staff bounced. They need a better internet provider during
disasters, the Journal quoted her or
Steven M. Bellovin wrote:
In message [EMAIL PROTECTED], william(at)elan.net writes:
not say which computer systems FEMA uses.
$ dig mx fema.gov
;; ANSWER SECTION:
fima.org. 3600 IN MX 0 smtp.secureserver.net.
fima.org. 3600 IN MX
On Tue, Sep 13, 2005 at 10:08:59AM -0400, Steven M. Bellovin wrote:
In message [EMAIL PROTECTED], william(at)elan.net writes:
;; ANSWER SECTION:
fima.org. 3600 IN MX 0 smtp.secureserver.net.
fima.org. 3600 IN MX 10
On 13/09/05, Steven M. Bellovin [EMAIL PROTECTED] wrote:
$ dig mx fema.gov
;; ANSWER SECTION:
fima.org. 3600 IN MX 0 smtp.secureserver.net.
fima.org. 3600 IN MX 10 mailstore1.secureserver.net
That's interesting -- I'm not getting that
The newspaper did not say which computer systems FEMA uses.
$ dig mx fema.gov
;; ANSWER SECTION:
fima.org. 3600 IN MX 0 smtp.secureserver.net.
fima.org. 3600 IN MX 10 mailstore1.secureserver.net
That's interesting -- I'm not getting
on Tue, Sep 13, 2005 at 09:54:42AM -0400, Mike Tancsa wrote:
At 09:31 AM 13/09/2005, Steven Champeon wrote:
Does anyone know what their mail infrastructure looks like? From what I
can see, they don't even have an MX record for fema.gov...
No MX record, and the A record for fema.gov does
On Tuesday 13 September 2005 09:23, william(at)elan.net wrote:
Which indeed means they have no MX servers listed and that MAY be a
problem for some mail servers (though normally mail servers are supposed
to send email based on A record then).
Obviously not having MX record is not considered
william(at)elan.net wrote:
Which indeed means they have no MX servers listed and that MAY be a
problem for some mail servers (though normally mail servers are
supposed to send email based on A record then).
Uh, which mainstream mail server out there is ignorant enough not to
send to A
At 10:29 AM 13/09/2005, Steven Champeon wrote:
on Tue, Sep 13, 2005 at 09:54:42AM -0400, Mike Tancsa wrote:
Looks Solaris'ish
# telnet ns2.fema.gov smtp
Trying 162.83.67.144...
Connected to ns2.fema.gov.
Escape character is '^]'.
220 ns2.fema.gov ESMTP Sendmail 8.11.7p1+Sun/8.11.7;
On Tue, 13 Sep 2005, Christian Kuhtz wrote:
william(at)elan.net wrote:
Which indeed means they have no MX servers listed and that MAY be a problem
for some mail servers (though normally mail servers are supposed to send
email based on A record then).
Uh, which mainstream mail server
On 9/13/05, Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote:
Attempts by agencies to spur the Federal Emergency Management Agency into
urgent action were met with bouncing emails, the Journal said.
while the lot of you can debate proper DNS records and what OS their
mail server might be
On Tue, 13 Sep 2005 10:39:21 EDT, Christian Kuhtz said:
william(at)elan.net wrote:
Which indeed means they have no MX servers listed and that MAY be a
problem for some mail servers (though normally mail servers are
supposed to send email based on A record then).
Uh, which
On Sep 13, 2005, at 1:13 PM, Fergie (Paul Ferguson) wrote:
Attempts by agencies to spur the Federal Emergency Management
Agency into urgent action were met with bouncing emails, the
Journal said.
http://www.fema.gov/staff/extended.jsp
Lists an IT Services Division that has ~250
[EMAIL PROTECTED] wrote:
On Tue, 13 Sep 2005 10:39:21 EDT, Christian Kuhtz said:
william(at)elan.net wrote:
Which indeed means they have no MX servers listed and that MAY be a
problem for some mail servers (though normally mail servers are
supposed to send email based on A record
http://www.fema.gov/staff/extended.jsp
Lists an IT Services Division that has ~250 possible points of
contact.
Surely one of them has some clue... :-/ I think this sort of problem
shows the endemic disease currently in place at FEMA. It's not just
an IT gaffe or firewall
On Sep 13, 2005, at 11:13 AM, Hannigan, Martin wrote:
ObOp: Email is NOT a reliable form of communication.
^^^ unrelated and I disagree...
DHS shouldn't start to think so either. NANOG
shouldn't worry about if someone's email is working
as a byproduct, but sure
On Tue, Sep 13, 2005 at 07:23:33AM -0700, william(at)elan.net wrote:
...
Which indeed means they have no MX servers listed and that MAY be a
problem for some mail servers (though normally mail servers are supposed
to send email based on A record then).
Obviously not having MX record is
At 03:50 PM 13/09/2005, Joseph S D Yao wrote:
Oh, and also ... please consider that some firewalls try to discern
whether the connection on port 25 is from a mail server or from Telnet.
While I mourn the simplicity of manual debugging of such sites, it
remains that: the fact that you can't
On Tue, Sep 13, 2005 at 04:15:29PM -0400, Mike Tancsa wrote:
At 03:50 PM 13/09/2005, Joseph S D Yao wrote:
Oh, and also ... please consider that some firewalls try to discern
whether the connection on port 25 is from a mail server or from Telnet.
While I mourn the simplicity of manual
In message [EMAIL PROTECTED], Joseph S D Yao writes:
On Tue, Sep 13, 2005 at 04:15:29PM -0400, Mike Tancsa wrote:
At 03:50 PM 13/09/2005, Joseph S D Yao wrote:
Oh, and also ... please consider that some firewalls try to discern
whether the connection on port 25 is from a mail server or
On Tue, 13 Sep 2005 15:50:12 EDT, Joseph S D Yao said:
Oh, and also ... please consider that some firewalls try to discern
whether the connection on port 25 is from a mail server or from Telnet.
OK, I'll bite. A long time ago, I saw code that would trap the fact that many
telnet binaries
On Tue, Sep 13, 2005 at 04:28:41PM -0400, Steven M. Bellovin wrote:
...
Telnet options, and for that matter speed, happen after the 3-way
handshake. We're not getting that far.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
Steve, I defer to your expertise, as always.
On Tue, Sep 13, 2005 at 04:56:58PM -0400, Joseph S D Yao wrote:
On Tue, Sep 13, 2005 at 04:28:41PM -0400, Steven M. Bellovin wrote:
...
Telnet options, and for that matter speed, happen after the 3-way
handshake. We're not getting that far.
--Steven M. Bellovin,
OBTW, this discussion of how SEF tells the difference between SMTP and
telnet is rather beside the point. Most of what I wrote was, read
RFC 2821. It's a little different from the RFC 821 that some of us have
always cited, but I believe the points I noted are the same. AND it's a
bit more OT,
In message [EMAIL PROTECTED], Joseph S D Yao writes:
On Tue, Sep 13, 2005 at 04:56:58PM -0400, Joseph S D Yao wrote:
On Tue, Sep 13, 2005 at 04:28:41PM -0400, Steven M. Bellovin wrote:
...
Telnet options, and for that matter speed, happen after the 3-way
handshake. We're not getting that
On Tue, Sep 13, 2005 at 05:54:03PM -0400, Steven M. Bellovin wrote:
In message [EMAIL PROTECTED], Joseph S D Yao writes:
On Tue, Sep 13, 2005 at 04:56:58PM -0400, Joseph S D Yao wrote:
On Tue, Sep 13, 2005 at 04:28:41PM -0400, Steven M. Bellovin wrote:
...
Telnet options, and for that
For contact us, I'm now getting a 403 error:
Forbidden
You don't have permission to access /feedback/ on this server.
Apache/1.3.33 Server at www.fema.gov Port 80
--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
On 9/13/2005 5:23 PM, Joseph S D Yao wrote:
SEF [is] unique in that it can detect what appear to be telnet
connections to Port 25 and drop the connection. This is probably because
telnet connections send one character at a time whereas real SMTP
clients send all the strings at once.
While
On Tue, 13 Sep 2005, Joseph S D Yao wrote:
There is no requirement - even in this century - for MX records. It is
a Good Idea(tm). But not a requirement. Lack of MX records does NOT
mean that you lose the store-and-forward capability of SMTP. Lack of a
secondary server, while equally not
william(at)elan Could you elaborate on how firewall will
william(at)elan determine if the connection is from mail server
william(at)elan or from telnet on port 25?
Perhaps because most telnet clients will attempt telnet option
negotiation? If so one could avoid this by using a
On Wed, 14 Sep 2005, Roy Badami wrote:
william(at)elan Could you elaborate on how firewall will
william(at)elan determine if the connection is from mail server
william(at)elan or from telnet on port 25?
Perhaps because most telnet clients will attempt telnet option
negotiation? If
On Tue, Sep 13, 2005 at 04:31:05PM -0700, william(at)elan.net wrote:
Telnet option negotiation is at Layer 7 after TCP connection has been
established. Firewalls typically don't operate at this level (TCP session
is Layer 4 if I remember right) and would refuse or reject (difference
type of
Adam McKenna wrote:
On Tue, Sep 13, 2005 at 04:31:05PM -0700, william(at)elan.net wrote:
Telnet option negotiation is at Layer 7 after TCP connection has been
established. Firewalls typically don't operate at this level (TCP session
is Layer 4 if I remember right) and would refuse or reject
$ dig mx fema.gov
;; ANSWER SECTION:
fima.org. 3600 IN MX 0 smtp.secureserver.net.
fima.org. 3600 IN MX 10 mailstore1.secureserver.net
That's interesting -- I'm not getting that response.
from tokyo
roam.psg.com:/usr/home/randy dig
In message [EMAIL PROTECTED], Adam McKenna writes:
On Tue, Sep 13, 2005 at 04:31:05PM -0700, william(at)elan.net wrote:
Telnet option negotiation is at Layer 7 after TCP connection has been
established. Firewalls typically don't operate at this level (TCP session
is Layer 4 if I remember
Application layer firewalls have existed for at least 6 years.
Make that 15
Socks, fwtk (before it went commercial) to name a few.
-M
On Tue, Sep 13, 2005 at 04:31:05PM -0700, william(at)elan.net wrote:
On Wed, 14 Sep 2005, Roy Badami wrote:
william(at)elan Could you elaborate on how firewall will
william(at)elan determine if the connection is from mail server
william(at)elan or from telnet on port 25?
Perhaps