Full Disclosure mailing list archives
Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S
From: Gossi The Dog <gossi () lab6 com>
Date: 11 Apr 2003 09:14:46 +0100
On Fri, 2003-04-11 at 07:07, Valdis.Kletnieks () vt edu wrote:
On Wed, 09 Apr 2003 22:12:45 EDT, Jason <security () brvenik com> said:Look at how your "protections" expose you when dealing with lists too. Then look at those annoying out of office notifications. Nothing like telling a lot of people the perfect contact points in an org doing some type of security, ohh and by the way, they are out of the office!And better yet, the mail packages that are the biggest offenders are also both quite well known as the subject of security advisories, and also quite helpful in providing their exact release/build info, so you can carefully craft a message for maximum impact. Might as well just attach a .BMP of concentric red-and-white circles to the note ;)
Well - indeed. I seem to recall if you send duff (like 500 bytes) SMTP commands to NAI Webshield, it causes it to crash. I never really bothered following it up. Plus, NAI Webshield doesn't log the IP in email headers of connecting servers. So you can do HELO nasa.gov, and it passes it on as nasa.gov in the headers. Could be quite handy, that. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Larry Sanders (Apr 09)
- Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Jason (Apr 09)
- Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Valdis . Kletnieks (Apr 10)
- Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Gossi The Dog (Apr 11)
- Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Valdis . Kletnieks (Apr 10)
- Re: RE : MCAFEE E-MAIL SCAN ALERT!~[FULL-DISCLOSURE] FWD: INTERNET S Jason (Apr 09)