[OT] Port 25 vulnerability

Randal, Phil prandal at HEREFORDSHIRE.GOV.UK
Fri Jan 30 16:29:02 GMT 2004 

No, it's caused by you being a human being and being slow (in computer
terms) at typing.

Phil

---------------------------------------------
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK 

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> Behalf Of Ugo Bellavance
> Sent: 30 January 2004 16:22
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: [OT] Port 25 vulnerability
> 
> 
> > -----Message d'origine-----
> > De : Randal, Phil [mailto:prandal at HEREFORDSHIRE.GOV.UK]
> > Envoyé : Friday, January 30, 2004 11:07 AM
> > À : MAILSCANNER at JISCMAIL.AC.UK
> > Objet : Re: Port 25 vulnerability
> > 
> > 
> > I'd guess the only way to differentiate is timing.
> > 
> > When you telnet in, there's some delay before you send any commands.
> Isn't that caused by a reverse lookup that fails?
> 
> Ugo
> > 
> > Phil
> > 
> > ---------------------------------------------
> > Phil Randal
> > Network Engineer
> > Herefordshire Council
> > Hereford, UK
> > 
> > > -----Original Message-----
> > > From: MailScanner mailing list 
[mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> > Behalf Of Bill Omer
> > Sent: 30 January 2004 16:02
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Port 25 vulnerability
> >
> >
> > The only thing I can think of to do this would have to be 
> done on the
> > packet level.  Something could be made that monitors traffic
> > on port 25.
> > There would have to be a difference in the packets 
> generated by an MUA
> > vs packets generated by a telnet client.  Based on that 
> information, a
> > connection could be dropped when it's triggered.  I guess 
> it could be
> > possible to use tcpdump to do this, if there is a difference in the
> > packets.
> >
> > -B
> >
> > -----Original Message-----
> > From: MailScanner mailing list 
[mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of taz
> Sent: Friday, January 30, 2004 9:05 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Port 25 vulnerability
>
>
> I have a question about mail and port 25 in general.  I know that this
> is really not on the mailscanner subject so if I don't get an answer
> that is ok.  There are lots of servers that accept email, but don't
> allow you to telnet to port 25.  Since port 25 is a port that
> mail talks
> on how does one secure this port to only allow email to talk to it and
> not allow the "telnet hostname 25" action.  I know in this case telnet
> is disabled on the mail server.  Sorry for being so dopey on this one.
>
> Thanks,
> Travis
>

More information about the MailScanner mailing list