If a Unix system is set up to accept telnet logins then all that is
needed to access the system is a valid username and password. Usernames
are everywhere. Passwords can be guessed by password guessing programs
that run dictionaries and other schemes. My ISP's shell was hacked on
at least two occasions that I am aware of. The details of this are
far beyond me. I just know that it is possible. Masquerades and spoofs.
Carelessness, thievery.





On Tue, 06 Feb 2001 06:34:30 -0500, L.D. Best wrote:

> As I told someone else, this isn't exactly what was proposed but it is
> sorta.  HUH??

> So far no one has been able to access & use from a pseudo-domain/pseudo
> user account?  To date, all tries have been from valid domains by valid
> accounts on those domains.  No try, to my knowledge, to come into port
> 25 & pretend to be me or [EMAIL PROTECTED] [as proposed in the
> message that started this whole discussion] has succeeded.

> Since the way mail gets passed from server to server around the world
> *has* to depend upon jumps through multiple servers, I guess that mail
> from a valid domain/user or SMTP server could always be accepted for
> forwarding or local delivery [don't want to have to leave the premises to
> send local e-mail, right?].  I think, if I've followed some headers
> correctly, that although the route is shown in the headers, only the
> last/current sender is validated.  Otherwise, how could all that spam be
> spewn across the world?

> But I don't think I could telnet in from the VA hospital, cuz I'm not an
> "authorized user" even if I did manage to get behind the windoze facade
> and plug into telnet ... I might be able to telnet to my home ISP, but
> when it came time to send the message ... or before??? ... I'd suddenly
> be a "Sender NOT OK" because the computer at VA would stutter and raise
> holy ned when asked for validation.

> Now what would then happen at that point I don't know ... but apparently
> I could be queried for login??  Heck, it's been so long since I even
> telnetted locally I don't know that I could do it any more.

> I imagine that among this group is at least one individual who could
> manage to set up some sort of shield and create a false 'id' to contact
> [and respond?] to the server, but I don't know that the server could
> then be fooled into believing that false info was acceptable.  Anyone
> know precisely how a server checks on the validity of a sending address?
> Is it a DNS kinda thing, or is it a matter of polling the "originating"
> server to see if the account information is valid, or ???

> The experimental will go on, I guess.  I'm waiting for more info from
> the techie... :>

> l.d.
> ====

> On Tue, 6 Feb 2001 08:30:13 +0100, [EMAIL PROTECTED] (Howard Eisenberger) wrote:

>> On Mon, 05 Feb 2001 18:28:53 -0500,
>> "L.D. Best" <[EMAIL PROTECTED]> wrote:

>>> I wasn't going to reply, because it would just be another case of "no
>>> win" ...

>>> I will, instead, simply state that my ISP made clear a number of things
>>> about the types of firewall protection they have:

>>> 1.  The SMTP server will not "open relay."

>>> 2.  If the need arose for me to telnet into the servers, for mail
>>> tossing from foreign site [like when I'm stuck in the VA hospital], they
>>> would consider giving me a username & password that would allow it;
>>> without the username & password, it would not be possible to do.

>> I assume you are talking about telnetting to port 25 (smtp) and not
>> port 23 (telnet).

>> Before all this authentication business, they would have probably
>> told you to use the smtpserver at the VA hospital, period.
>> Authentication is less restrictive than IP-based protection. Also,
>> users don't have to change the smtpserver setting in their e-mail
>> client.

>>> 3.  Anyone who believes such to not be the case can attempt to telnet
>>> into the SMTP server and see what happens.

>> So far, I believe you. :-)

>>>  If [as I suspect] you can't
>>> even get close using just "go-concepts.com," and you are bound and
>>> determined to prove me wrong, please ask for the numeric address and I
>>> will provide it.  If you *can* manage to break in, then my ISP would
>>> like to know that, and they won't get angry at you unless you also
>>> decide to send out a spew of spam.

>> I don't think it's a question of trying to prove anyone wrong, but of
>> trying to learn something. So, as long as port 25 is not blocked on my
>> network, surely, I should be able to telnet to one or more smtpservers
>> at go-concepts.com that will accept mail for you or anyone else at
>> go-concepts.com. Otherwise, how could anyone send you e-mail? Let's try
>> a couple.

>> (note - ESMTP without AUTH)
>> # telnet go-concepts.com 25
>> Trying 207.40.122.20 ...
>> Connected to go-concepts.com.
>> Escape character is '^]'.
>> 220 ns1.go-concepts.com ESMTP Sendmail 8.11.0/8.11.0;
>> Tue, 6 Feb 2001 01:11:35 -0500
>> EHLO nyx10.nyx.net
>> 250-ns1.go-concepts.com Hello [EMAIL PROTECTED] [206.124.29.2],
>> pleased to meet you
>> 250-ENHANCEDSTATUSCODES
>> 250-8BITMIME
>> 250-SIZE 7000000
>> 250-DSN
>> 250-ONEX
>> 250-ETRN
>> 250-XUSR
>> 250 HELP
>> mail from:<[EMAIL PROTECTED]>
>> 250 2.1.0 <[EMAIL PROTECTED]>... Sender ok
>> rcpt to:<[EMAIL PROTECTED]>
>> 250 2.1.5 <[EMAIL PROTECTED]>... Recipient ok
>> quit
>> 221 2.0.0 ns1.go-concepts.com closing connection
>> Connection closed by foreign host.
>> #
>> (note - ESMTP with AUTH)
>> #telnet mail1.go-concepts.com
>> Trying 207.40.122.7 ...
>> Connected to mail1.go-concepts.com.
>> Escape character is '^]'.
>> 220 mail1.go-concepts.com ESMTP Sendmail 8.11.1/8.11.1;
>> Tue, 6 Feb 2001 00:13:03 -0500
>> EHLO nyx10.nyx.net
>> 250-mail1.go-concepts.com Hello nyx10.nyx.net [206.124.29.2],
>> pleased to meet you
>> 250-ENHANCEDSTATUSCODES
>> 250-8BITMIME
>> 250-SIZE 7000000
>> 250-DSN
>> 250-ONEX
>> 250-ETRN
>> 250-XUSR
>> 250-AUTH DIGEST-MD5 CRAM-MD5
>> 250 HELP
>> mail from:<[EMAIL PROTECTED]>
>> 250 2.1.0 <[EMAIL PROTECTED]>... Sender ok
>> rcpt to:<[EMAIL PROTECTED]>
>> 250 2.1.5 <[EMAIL PROTECTED]>... Recipient ok
>> quit
>> 221 2.0.0 mail1.go-concepts.com closing connection
>> Connection closed by foreign host.
>> #

>> Of course, I cannot use your ISP's mailservers to send mail to
>> third-parties, but this is always the case with closed relays
>> whether or not you have a password or some other method to do
>> so. Here's an example.

>> (note - Relaying denied without AUTH)
>> #telnet go-concepts.com 25
>> Trying 207.40.122.20 ...
>> Connected to go-concepts.com.
>> Escape character is '^]'.
>> 220 ns1.go-concepts.com ESMTP Sendmail 8.11.0/8.11.0;
>> Tue, 6 Feb 2001 02:20:23 -0500
>> ehlo nyx10.nyx.net
>> 250-ns1.go-concepts.com Hello [EMAIL PROTECTED] [206.124.29.2],
>> pleased to meet you
>> 250-ENHANCEDSTATUSCODES
>> 250-8BITMIME
>> 250-SIZE 7000000
>> 250-DSN
>> 250-ONEX
>> 250-ETRN
>> 250-XUSR
>> 250 HELP
>> mail from:<[EMAIL PROTECTED]>
>> 250 2.1.0 <[EMAIL PROTECTED]>... Sender ok
>> rcpt to:<[EMAIL PROTECTED]>
>> 550 5.7.1 <[EMAIL PROTECTED]>... Relaying denied
>> quit
>> 221 2.0.0 ns1.go-concepts.com closing connection
>> Connection closed by foreign host.
>> #

>> By the way, I normally use my ISP's smarthost (plain old-fashioned
>> IP-based closed relay) to send e-mail, but since this discussion
>> came up, I've been using POP-before-SMTP at gmx.net (a free e-mail
>> service) with my DOS mailers.

>> Howard E.

>> --
>> DOS TCP/IP * <URL:http://www.ncf.ca/~ag221/dosppp.html>

> --

> Join B'FOR - B'mothers For Open Records
> <A HREF=" http://www.b-for.org "> B'FOR web site</A>
> [Associate members of triad also welcome; membership confidential.]
> Every member counts!  We need numbers to produce valid statistics.
>               *******
> A proud member of
> <A HREF=" http://www.phenomenalwomen.com/ "> Phenomenal Women Of The Web</A>

> -- Arachne V1.70;rev.3, NON-COMMERCIAL copy, http://arachne.cz/

Sam Ewalt
Croswell, Michigan
USA
-- Arachne V1.70;rev.3, NON-COMMERCIAL copy, http://arachne.cz/
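
The relay decision visible in the three quoted sessions, as an added Python example that is not part of the original messages or of the ISP's Sendmail configuration: the sender address is accepted as typed, mail for a local user is accepted from any host, and mail for a third party is accepted only from a customer known by AUTH or by IP address. The domains, the address range and the function names are constructed assumptions.

```python
import ipaddress

# Constructed policy values (assumptions, not the ISP's real configuration).
LOCAL_DOMAINS = {"isp.example"}                       # domains this server delivers for
RELAY_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # the ISP's own customer range


def domain_of(address):
    """Return the lower-cased domain part of an envelope address."""
    return address.strip("<>").rpartition("@")[2].lower()


def mail_from_reply(sender):
    """MAIL FROM is accepted as typed; nothing here proves who the sender is."""
    return f"250 2.1.0 <{sender}>... Sender ok"


def rcpt_reply(client_ip, authenticated, rcpt):
    """Decide one RCPT TO the way a closed relay does."""
    if domain_of(rcpt) in LOCAL_DOMAINS:
        # Local delivery: any host may hand over mail for our own users,
        # otherwise nobody outside could ever send them e-mail.
        return f"250 2.1.5 <{rcpt}>... Recipient ok"
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in RELAY_NETS):
        # Third-party recipient: relay only for customers, identified
        # either by a successful AUTH or by connecting from our own network.
        return f"250 2.1.5 <{rcpt}>... Recipient ok"
    return f"550 5.7.1 <{rcpt}>... Relaying denied"


if __name__ == "__main__":
    outsider = "198.51.100.7"  # constructed address outside RELAY_NETS
    print(mail_from_reply("anyone@forged.example"))
    print(rcpt_reply(outsider, False, "ld@isp.example"))
    print(rcpt_reply(outsider, False, "someone@elsewhere.example"))
    print(rcpt_reply(outsider, True, "someone@elsewhere.example"))
```
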
