At 14:28 23/08/00 -0700, David Lang wrote:
>it is possible for a firewall to detect that each character is arriving in
>a separate packet and flag the connection as 'probably from a telnet
>session'
The one-char mode is only relevant when the telnet protocol is used,
that is, when connecting to a telnetd. If you telnet to port 25, telnet
is just a generic TCP connection program (note though that the telnet
program supplied by Microsoft is full of specific discrepancies, and
should not be used to deduce anything in the current debate).
>but any halfway decent hacker can bypass this check if they want
>to so it's just a speedbump.
Yes, a simple perl script can be used to send tons of messages!
Note that if it is just about forging the sender address, then nothing
stops you from defining your from, return, organization,... in Outlook
for example (but this is true for all others!).
Note also that it is hard to send attachments using the telnet program
(unless you generate them by other means and then cut-and-paste). So
finally, the telnet program is the one that causes the least trouble!
Also, sending a message using the telnet program takes more time than
using specific programs, so malicious guys tend to use more powerful
tools.
>(Raptor firewall has an option to do this)
To do what? To reject connections that are seemingly coming from a
"telnet"? Some companies seem to battle hard in the "got more features
than you. yes, they are useless, but they are features". That's called
Feature Crap in software design.
regards,
mouss
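
The check discussed in this message, written out as an added example (not code from either poster and not Raptor's implementation): it looks at the sizes of the client's TCP payloads on one connection and flags a stream made up almost entirely of one-byte segments. The function names, the thresholds and the sample sessions are assumptions constructed for the sketch.

```python
from dataclasses import dataclass

@dataclass
class Verdict:
    segments: int             # non-empty client payloads seen
    single_byte_ratio: float  # share of payloads carrying exactly one byte
    probably_typed: bool      # True when the stream looks typed by hand

def classify_client_stream(payloads, min_segments=8, ratio_threshold=0.8):
    """Classify the client-to-server payloads of one TCP connection.

    payloads: bytes objects, one per TCP segment, in arrival order.
    The thresholds are assumptions for this sketch, not vendor values.
    """
    data = [p for p in payloads if p]          # ignore pure ACKs
    if not data:
        return Verdict(0, 0.0, False)
    ratio = sum(len(p) == 1 for p in data) / len(data)
    # Too few segments gives no basis for a verdict either way.
    typed = len(data) >= min_segments and ratio >= ratio_threshold
    return Verdict(len(data), ratio, typed)

def keystrokes(line):
    """Constructed input: one segment per key, CRLF sent together on Enter."""
    return [bytes([b]) for b in line.encode("ascii")] + [b"\r\n"]

# Constructed sample sessions (example.test is a placeholder domain).
COMMANDS = ["HELO example.test", "MAIL FROM:<a@example.test>", "QUIT"]
TYPED = [seg for cmd in COMMANDS for seg in keystrokes(cmd)]
WHOLE_LINES = [(cmd + "\r\n").encode("ascii") for cmd in COMMANDS]

if __name__ == "__main__":
    for name, stream in (("typed", TYPED), ("whole lines", WHOLE_LINES)):
        print(name, classify_client_stream(stream))
```

The verdict describes only how the bytes were segmented on the wire: any client that writes whole lines, a telnet program that buffers locally included, produces the same picture as a mail client.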