Try telnet connection abuse.
An would be Attacker has connected directly to service using Telnet and
could keep the connection open by hitting keystrokes over and over again.
At 02:28 PM 8/23/00 -0700, David Lang wrote:
>it is possible for a firewall to detect that each character is arriving in
>a seperate packet and flag the connection as 'probably from a telnet
>session' but any halfway decent hacker can bypass this check if they want
>to so it's just a speedbump. (Raptor firwewall has an option to do this)
>
>David Lang
>
> On Wed, 23 Aug 2000, mouss wrote:
>
> > Date: Wed, 23 Aug 2000 22:47:01 +0200
> > From: mouss <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED],
> > "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> > Subject: Re: SMTP servers
> >
> > There is nothing that a firewall can use to distinguish a "normal"client
> > from a guy who telnet to the
> > port, for the simple reason that both are exactly the same thing.
> >
> > an smtp connection consists of a client connectiing to port 25 of a host
> > sending commands and
> > reading responses. This client may be anything that is capable of handling
> > a TCP connection.
> > The telnet program may be used for this.
> >
> > so a firewall that rejects an SMTP connection just because it thinks it is
> > coming from a "user doing
> > telnet" is not only stupid, but it is not serving SMTP. relying on headers
> > is not only useless, it is a
> > loss of developpers energy, of the host CPU and yet another source of bugs.
> >
> > The problem of forged SMTP connections is the same as that of forged
> > letters. the only way to guard against
> > is to add a verification process which makes it harder to communicate by
> > email. you can use encryption to make
> > sure who sent what, but only if you know who can send you mail. if you
> > accept to receive email from anybody,
> > then that's it, you choosed to get served, accept the risks....
> >
> >
> > mouss
> >
> >
> > At 10:43 23/08/00 -0700, [EMAIL PROTECTED] wrote:
> >
> > >The characteristics of a Telnet connection are significantly different
> > >from a standard SMTP connection and some firewall proxies can recognize
> > >and drop Telnet connections but what's the point? It's trivial to
> create
> > >an interactive SMTP emulation that would bypass this check. The port is
> > >designed to for TCP connections that passes ASCII text characters. What
> > >would you be accomplishing by preventing/dropping Telnet connections?
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
