Bugtraq mailing list archives

Re: I found this today and iam reporting it to you first!!! (fwd)


From: peter () ATTIC VUURWERK NL (Peter van Dijk)
Date: Sat, 4 Sep 1999 17:15:47 +0200


On Thu, Sep 02, 1999 at 12:01:40PM -0700, Technical Incursion Countermeasures wrote:
> You can do a variation on this one (well sort of - is a longstanding prob)
>
> basically find two sites whose FW is conf'd to accept all mail and forward
> it to the real mailserver. If this mailserver bounces invalid addresses
> then you're on your way...

This is not so much a problem with FW's in general.

> spoof a mail from an invalid address on one end to an invalid address on
> the other. and sit back..
>
> the first site will accept the mail (this is the fault - it should reject
> if it is to comply with the IETF standard) and pass it inward, the
> mailserver then sends an error message to the "sender" and the same
> process occurs at the other end...
>
> Rate of messages depends on bandwidth - but you can expect at least 1/sec...
>
> Of course you can multiply it if you send it to a list of recipients.. :}

This trick can only work if the envelope from-address on a bounce is NOT
empty ("<>"). Indeed, in that case a loop will occur.

I think you have found a firewall-SMTP implementation that handles bounces
in some really broken way.

Greetz, Peter

--
| 'He broke my heart,      |                              Peter van Dijk |
     I broke his neck'     |                     peter () attic vuurwerk nl |
   nognikz - As the sun    |        Hardbeat@ircnet - #cistron/#linux.nl |
http://www.nognikz.mdk.nu/ | Hardbeat@undernet - #groningen/#kinkfm/#vdh |
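
The condition discussed in this message, as an added example that is not part of the original post: a toy, offline model of two mail servers that bounce undeliverable mail, comparing bounces sent with the empty envelope sender ("<>") against bounces sent from a non-empty address. The class, the function, the `a.example`/`b.example` domains and the `bouncer@` address are all constructed for illustration.

```python
from collections import deque

class MTA:
    """Toy mail server (hypothetical): every local recipient is invalid,
    so each message it accepts is undeliverable and triggers a bounce."""

    def __init__(self, domain, null_sender_bounces=True):
        self.domain = domain
        # True: bounces carry the empty envelope sender "<>", modelled as "".
        # False: the broken behaviour, bounces carry a non-empty sender.
        self.null_sender_bounces = null_sender_bounces

    def handle(self, mail_from, rcpt_to):
        """Return the bounce this server emits as (mail_from, rcpt_to), or None."""
        if mail_from == "":
            return None  # incoming mail is itself a bounce: nowhere to report to
        sender = "" if self.null_sender_bounces else "bouncer@" + self.domain
        return (sender, mail_from)  # a bounce goes to the envelope sender

def simulate(servers, first, max_hops=20):
    """Deliver messages until the queue drains or max_hops is hit; return hops."""
    queue, hops = deque([first]), 0
    while queue and hops < max_hops:
        mail_from, rcpt_to = queue.popleft()
        server = servers[rcpt_to.rsplit("@", 1)[1]]  # route on recipient domain
        hops += 1
        bounce = server.handle(mail_from, rcpt_to)
        if bounce:
            queue.append(bounce)
    return hops

def run(a_null, b_null):
    """Send one message between two invalid addresses and count deliveries."""
    servers = {"a.example": MTA("a.example", a_null),
               "b.example": MTA("b.example", b_null)}
    return simulate(servers, ("nobody@a.example", "nobody@b.example"))

if __name__ == "__main__":
    print("both use <> on bounces:  ", run(True, True), "hops")
    print("only b.example is broken:", run(True, False), "hops")
    print("both are broken:         ", run(False, False), "hops (capped)")
```

In this model the exchange only keeps going when both sides emit bounces with a non-empty sender; a single server that uses "<>" ends it within three deliveries.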


