On Thu, Jul 27, 2000 at 06:59:22AM -0400, Chris Brenton wrote:
> The attacker also needs to know the Window of time when the mail will be
> transferred between the two hosts. The size of this window will vary
> depending on the mail server. For example my mail server completes
> connects (on average) in less than 2 seconds. Pretty small window to try
> and hit. Other domains like hotmail.com typically have a heavy load so
> the time window is longer. This would be slightly easier to hit.
WEll, actually SMTP is not as interesting as HTTP is (Web Spoofing) and with
HTTP/1.1 you can actually asume a session to go on for minutes. (Of course I
dont see a good attack here since the simple DOS Approach doesnt help much
in a Network where the user is used to click "Reload".
Greetings
Bernd
--
(OO) -- [EMAIL PROTECTED] --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
