Mailing List Archive

Mailing List: techdiver

From: "Ken Sallot" <KEN@co*.ci*.uf*.ed*>
Organization: CIRCA, University of Florida
To: Andy Schmidt <73467.2574@co*.co*>
Date: Fri, 5 Jan 1996 09:20:46 EST
Subject: Re: Bogus post my ass.. (Was Re: Bogus "join..forum" Mes.)
CC: techdiver@terra.net

Andy's header has in it:

> Received: from 73467.2574.compuserve.com (slip-ppp5.ramsey.nis.net
>  [198.69.26.84]) by arl-mail-svc-1.compuserve.com (8.6.10/8.6.9) with SMTP id
>  WAA22318.; Thu, 4 Jan 1996 22:11:57 -0500

Then he writes:

> Ken, it is a known "feature" of the internet SMTP (Simple Mail Transfer
> Protocol) that most mail servers will accept outgoing mail from ANY mail
> client. As long as the message is properly formatted, the mail server will
> take it and send it on its way. The person with the mail client (e.g. a PC
> with any of the popular mailers or web browsers) can set ANYTHING they want
> in the "from:" field.

Randy, I know quite a bit about SMTP mailers and what not. Please 
note, you're using "nis.net" apparently as your slip/ppp feed in 
order to use some mail client to send mail. The message from Joel 
came FROM COMPUSERVE, not an external mail client.

> 
> Even worse, most mail servers (such as mail.compuserve.com) will accept ANY
> outbound mail from ANYONE. This message that I'm typing RIGHT NOW is being
> written while I am dialed into my regular Internet provider - but I have set
> up my mail software to route all OUTBOUND mail to mail.compuserve.com. The
> CompuServe outbound mail server (like most others) will NOT require a user id
> or logon or password so virtually EVERYONE can send "CompuServe" originating
> messages with ANYTHING they want in the UserId. In essence, this message
> right now is a "fake" - my IP is currently on the NIS.NET subnet - but I'm
> posting it through MAIL.COMPUSERVE.COM. Except I'm faking the from: field to
> show my very own CompuServe ID...

Sorry, your IP came through as from the NIS.NET in the message 
header. 198.xxx. something or other. Explode the header from the 
techdiver message. Most mail servers have reverse DNS lookup that 
shows where the message came from. Compuserve apparently has that, 
since it also shows your IP address as well as domain name (nis.net).

> 
> That is a known security issue on the Internet. Not just is the CONTENT of
> your mail subject to hacking, but more importantly, in many cases there is NO
> way to "authenticate" the sender of a message. That's why conducting business
> on the Internet has been attempted carefully - one could order $100,000 worth
> of goods in SOMEONE ELSE'S name.

Reverse DNS lookups solve that problem. Compuserve does reverse DNS 
lookups. The message in question was FROM COMPUSERVE, not from 
anywhere else.

> 
> I hope my message will help you to look at the matter of fake mails with
> different eyes.
> 
> Best Regards
> Andy Schmidt [NJ]

Andy, I hope you learn more on SMTP yourself. I've been investigating 
the hell out of the fake message problem, and unfortunately my mail 
server doesn't do reverse lookups, that's WHY I moderated the cavers 
list.

Ken
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Ken Sallot              "I'm not flying. I'm falling, with style"
CIRCA                                              - Buzz Lightyear
kens@uf*.ed*
(352) 392-2007
http://grove.ufl.edu/~ken
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
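
The header reading discussed in the message above, as an added example that is not part of the original post: it splits the quoted Received line into the name the client announced and the host name and address the receiving server recorded. It assumes the sendmail layout `from <HELO name> (<rDNS name> [<IP>]) by <receiver>`; the function names are hypothetical.

```python
import re

# Received header as quoted in the message above, unfolded onto one line.
RECEIVED = (
    "from 73467.2574.compuserve.com (slip-ppp5.ramsey.nis.net "
    "[198.69.26.84]) by arl-mail-svc-1.compuserve.com (8.6.10/8.6.9) "
    "with SMTP id WAA22318.; Thu, 4 Jan 1996 22:11:57 -0500"
)

# Assumed sendmail-style layout:
#   from <HELO name> (<rDNS name> [<peer IP>]) by <receiving host>
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+"
    r"\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9.]+)\]\)\s+"
    r"by\s+(?P<by>\S+)",
    re.IGNORECASE,
)

def parse_received(value):
    """Split one Received header into client-claimed and server-recorded parts."""
    m = RECEIVED_RE.search(" ".join(value.split()))  # unfold whitespace first
    if m is None:
        return None  # other MTAs use other layouts; do not guess
    return {k: (v.lower() if v else None) for k, v in m.groupdict().items()}

def base_domain(host):
    """Naive last-two-labels domain (an assumption; enough for .com/.net names)."""
    if not host:
        return None
    return ".".join(host.rstrip(".").split(".")[-2:])

def helo_mismatch(value):
    """True when the announced HELO name and the receiver's reverse-DNS result
    fall in different domains, or when no reverse-DNS name was recorded."""
    hop = parse_received(value)
    if hop is None:
        raise ValueError("unrecognised Received layout")
    return hop["rdns"] is None or base_domain(hop["helo"]) != base_domain(hop["rdns"])

if __name__ == "__main__":
    print(parse_received(RECEIVED))
    print("HELO/rDNS mismatch:", helo_mismatch(RECEIVED))
```

The HELO name is chosen by the connecting client, while the parenthesised name and address are written by the receiving server, so a mismatch is a reason to look closer at a message rather than proof on its own.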
