Security Incidents mailing list archives
Re: blind forwards
From: D.M.Pick () QMW AC UK (David Pick)
Date: Fri, 30 Jun 2000 12:06:30 +0100
This may or may not be the right list for this. It doesn't seem to fit nicely anywhere. However, we're investigating this at work, and I know someone out there knows the answer. (An incident I suppose)

I'm curious to find out how one could go about analyzing an e-mail to find out if it is being intercepted upstream before it reaches the intended recipient. For example, with some e-mail servers, a file can be placed in the user's mailbox on the server that will "blind" forward any incoming mail to a given address.

SMTP Server --> Recipient's Mail Server--> USER-X (blind) and INTENDED-USER (as usual)

I'd imagine that this is highly illegal at the upstream level under most circumstances; and I know there's a way to find out if this type of snooping is taking place. Anyone? Anyone?
I can't think of any way of seeing if this has happened by looking at the message as received by the intended user. After all, if it *could* be reliably done, people wouldn't be nearly so worried about government taps!

The only methods I can think of would all involve getting taps inserted around each relay machine and doing some traffic analysis. But even then you'd need to make sure you'd intercepted *all* traffic from the suspected machine. Possibly including the locally connected printer...

--
David Pick