Randy Smith wrote:
> One possibility I have not heard discussed would be to write a wrapper
> that can distinguish the difference between protocol messages sent by an
> SMTP program and a person composing them at a Telnet prompt. The former
> would likely arrive as a single packet per protocol message, while the
> latter would likely arrive as a single character per packet (Telnet
> generally does not buffer lines). Another option might be to send back
> a Telnet control/negotiation message - an SMTP program would likely
> ignore it, while a Telnet program would respond. I haven't tried either
> of these approaches, but think they would detect most user attempts to
> spoof SMTP using Telnet.
Some telnet clients can be set to line mode. Netcat sends a line at a time and it won't respond to telnet control messages either. I've seen some SMTP server implementations that in addition to requiring SMTP commands to arrive in a single packet go so far as to have a small timeout between received SMTP commands and will drop the connection if it is exceeded (the time it takes somebody to type the command rather than programmatic generation). However, there's no way to distinguish netcat from the real thing if it is scripted. Such efforts are a waste of time and are not addressing the real problem.

-paul
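The two heuristics discussed in this thread (one read per command, and a typing-speed timeout between commands) can be written down as a small scoring function and run over constructed session traces. The example below is added here and is not code from either poster; the traces, the 2-second gap threshold and the `classify` names are assumptions chosen to illustrate Paul's point: a character-mode telnet user is caught, but a scripted netcat session produces exactly the same observations as a real MTA.

```python
"""Added example, not from the thread: score an SMTP session trace with the
"single packet per command" and "inter-command timeout" heuristics, and show
that a scripted client is indistinguishable from a real MTA under both."""

CRLF = b"\r\n"


def reassemble_commands(reads):
    """Group raw reads into SMTP command lines.

    reads: list of (arrival_time_seconds, bytes) as the server would see them,
    one entry per recv() call.  Each returned command records how many reads
    it spanned and when its terminating CRLF arrived."""
    commands = []
    buf = b""
    reads_in_cmd = 0
    for t, data in reads:
        buf += data
        reads_in_cmd += 1
        while CRLF in buf:
            line, buf = buf.split(CRLF, 1)
            commands.append({"line": line, "reads": reads_in_cmd, "done_at": t})
            # Any leftover bytes came from this same read, so they count as one.
            reads_in_cmd = 1 if buf else 0
    return commands


def classify(reads, max_gap=2.0):
    """Return 'interactive' if any command arrived in more than one read, or if
    the gap between consecutive commands exceeded max_gap seconds (assumed
    threshold); otherwise 'program'."""
    cmds = reassemble_commands(reads)
    multi_read = any(c["reads"] > 1 for c in cmds)
    gaps = [b["done_at"] - a["done_at"] for a, b in zip(cmds, cmds[1:])]
    slow = any(g > max_gap for g in gaps)
    return "interactive" if (multi_read or slow) else "program"


# --- constructed traces -----------------------------------------------------

def typed_trace(lines, start=0.0, keystroke=0.25, pause=3.0):
    """Simulate a character-mode telnet user: one read per keystroke, plus a
    think pause before each command."""
    reads, t = [], start
    for line in lines:
        t += pause
        for ch in line + CRLF:          # iterating bytes yields ints
            reads.append((t, bytes([ch])))
            t += keystroke
    return reads


def scripted_trace(lines, start=0.0, gap=0.05):
    """Simulate an MTA or a scripted `printf ... | nc`: one read per full line,
    only a short fixed gap between commands."""
    reads, t = [], start
    for line in lines:
        t += gap
        reads.append((t, line + CRLF))
    return reads


# Constructed sample session (example hostnames, not real addresses).
SESSION = [b"EHLO mail.example", b"MAIL FROM:<a@example>",
           b"RCPT TO:<b@example>", b"DATA"]

MTA_TRACE = scripted_trace(SESSION)             # real mail server
NETCAT_TRACE = scripted_trace(SESSION, gap=0.01)  # scripted netcat, same shape
TELNET_TRACE = typed_trace(SESSION)             # human at a telnet prompt
LINEMODE_TRACE = scripted_trace(SESSION, gap=4.0)  # line-mode telnet, slow typist

if __name__ == "__main__":
    for name, trace in [("mta", MTA_TRACE), ("netcat", NETCAT_TRACE),
                        ("telnet", TELNET_TRACE), ("linemode", LINEMODE_TRACE)]:
        print(f"{name:9s} -> {classify(trace)}")
```

Running it prints `program` for both the MTA and the scripted netcat trace: the packet-count heuristic sees one read per line in both, and the timeout heuristic sees gaps far below any typing speed in both. Only the character-mode and slow line-mode traces are flagged, which is the limited case Paul describes.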
