Port 25 vulnerability
Randal, Phil
prandal at HEREFORDSHIRE.GOV.UK
Fri Jan 30 16:06:41 GMT 2004
I'd guess the only way to differentiate is timing.
When you telnet in, there's some delay before you send any commands.
Phil
---------------------------------------------
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Bill Omer
> Sent: 30 January 2004 16:02
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Port 25 vulnerability
>
>
> The only thing I can think of to do this would have to be done on the
> packet level. Something could be made that monitors traffic
> on port 25.
> There would have to be a difference in the packets generated by an MUA
> vs packets generated by a telnet client. Based on that information, a
> connection could be dropped when it's triggered. I guess it could be
> possible to use tcpdump to do this, if there is a difference in the
> packets.
>
> -B
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of taz
> Sent: Friday, January 30, 2004 9:05 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Port 25 vulnerability
>
>
> I have a question about mail and port 25 in general. I know that this
> is really not on the mailscanner subject so if I don't get an answer
> that is ok. There are lots of servers that accept email, but don't
> allow you to telnet to port 25. Since port 25 is a port that
> mail talks
> on how does one secure this port to only allow email to talk to it and
> not allow the "telnet hostname 25" action. I know in this case telnet
> is disabled on the mail server. Sorry for being so dopey on this one.
>
> Thanks,
> Travis
>
More information about the MailScanner
mailing list