[OT] Port 25 vulnerability

Steve Thomas lists at STHOMAS.NET
Fri Jan 30 17:37:49 GMT 2004


On Fri, Jan 30, 2004 at 08:36:49AM -0700, taz is rumored to have said:
>
> Sure.
> Try doing an nslookup with type=mx on amazon or microsoft or even
> weldre5j.k12.co.us and then try telnetting to port 25 of one of those servers

# dig microsoft.com mx

; <<>> DiG 9.2.1 <<>> microsoft.com mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61982
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 6

;; QUESTION SECTION:
;microsoft.com.                 IN      MX

;; ANSWER SECTION:
microsoft.com.          3600    IN      MX      10 maila.microsoft.com.
microsoft.com.          3600    IN      MX      10 mailb.microsoft.com.
microsoft.com.          3600    IN      MX      10 mailc.microsoft.com.


# telnet maila.microsoft.com 25
Trying 131.107.3.125...
Connected to maila.microsoft.com.
Escape character is '^]'.
220 inet-imc-01.redmond.corp.microsoft.com Microsoft.com ESMTP Server Fri, 30 Jan 2004 09:34:05 -0800
quit
221 2.0.0 inet-imc-01.redmond.corp.microsoft.com Service closing transmission channel
Connection closed by foreign host.


All telnet does is open a TCP session. There's no way for the server to know what client is being used to initiate the connection - that's kind of the point of using a standard protocol (TCP over IP)...


--
"My occupation now, I suppose, is jail inmate."
- Unabomber Theodore Kaczynski, when asked in court what his current profession was
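
An added example, not part of the original message: a loopback-only sketch of what a port 25 listener can observe when a raw TCP client (which is all telnet is) and a mail library send the same command. The listener, its banner and every function name are constructed for illustration.

```python
import smtplib
import socket
import threading

# Constructed banner for a throwaway loopback listener (not a real mail server).
BANNER = b"220 mail.example.test ESMTP constructed banner\r\n"

def serve_once(listener, seen):
    """Accept one connection and record everything the server can observe."""
    conn, peer = listener.accept()
    with conn:
        conn.sendall(BANNER)
        data = b""
        while not data.endswith(b"\n"):
            chunk = conn.recv(1024)
            if not chunk:
                break
            data += chunk
        conn.sendall(b"221 2.0.0 closing\r\n")
    seen.append({"peer_ip": peer[0], "bytes": data})

def raw_tcp_client(port):
    """What telnet does: open a TCP session, read the banner, type 'quit'."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s, \
            s.makefile("rb") as f:
        f.readline()            # 220 banner
        s.sendall(b"quit\r\n")
        f.readline()            # 221 reply

def library_client(port):
    """A mail library issuing the same command (local_hostname skips DNS)."""
    smtp = smtplib.SMTP("127.0.0.1", port, local_hostname="localhost", timeout=5)
    smtp.quit()

def server_view():
    """Run both clients against the listener and return what it saw of each."""
    seen = []
    with socket.socket() as listener:
        listener.bind(("127.0.0.1", 0))   # ephemeral loopback port
        listener.listen(1)
        port = listener.getsockname()[1]
        for client in (raw_tcp_client, library_client):
            t = threading.Thread(target=serve_once, args=(listener, seen))
            t.start()
            client(port)
            t.join()
    return seen

if __name__ == "__main__":
    for view in server_view():
        print(view)
```

Both entries carry the same peer address and the same bytes, so any policy on port 25 has to key on the source address or the SMTP dialogue itself rather than on the connecting program.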


