Security Incidents mailing list archives

Re: blind forwards


From: D.M.Pick () QMW AC UK (David Pick)
Date: Fri, 30 Jun 2000 12:06:30 +0100


This may or may not be the right list for this.  It doesn't seem to fit
nicely anywhere.  However, we're investigating this at work, and I know
someone out there knows the answer.  (An incident I suppose)

I'm curious to find out how one could go about analyzing an e-mail to find
out if it is being intercepted upstream before it reaches the intended
recipient.  For example, with some e-mail servers, a file can be placed in
the user's mailbox on the server that will "blind" forward any incoming mail
to a given address.

SMTP Server --> Recipient's Mail Server--> USER-X (blind) and INTENDED-USER
(as usual)

I'd imagine that this is highly illegal at the upstream level under most
circumstances; and I know there's a way to find out if this type of snooping
is taking place.  Anyone?  Anyone?

I can't think of any way of seeing if this has happened by
looking at the message as received by the intended user.
After all, if it *could* be reliably done, people wouldn't
be nearly so worried about government taps! The only methods
I can think of would all involve getting taps inserted around
each relay machine and doing some traffic analysis. But even
then you'd need to make sure you'd intercepted *all* traffic
from the suspected machine. Possibly including the locally
connected printer...

--
        David Pick
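
An added example, not part of the original post or thread: because the received message itself shows nothing, the check has to run on the recipient's mail server, and this sketch audits per-user forwarding files there. It assumes the "file placed in the user's mailbox" is a sendmail-style `.forward` file, that each home directory is named after its user, and that targets contain no embedded commas; the function names, sample users and domains are all constructed for illustration.

```python
import os
import tempfile

def parse_forward(text):
    """Return delivery targets from .forward text (comma/newline separated)."""
    targets = []
    for line in text.splitlines():
        if line.strip() and not line.strip().startswith("#"):
            targets += [t.strip().strip('"') for t in line.split(",") if t.strip()]
    return targets

def classify(target, owner, local_domains):
    # Label one target relative to the mailbox owner.
    if target.startswith("|"):
        return "pipe"          # mail handed to a program
    if target.startswith(("/", ":include:")):
        return "file"          # appended to, or list read from, a file
    name, _, domain = target.lstrip("\\").partition("@")
    if domain and domain.lower() not in local_domains:
        return "external"      # a copy leaves this server
    return "self" if name == owner else "local-other"

def audit(home_root, local_domains):
    """Return (user, target, kind) for each target that is not the owner."""
    findings = []
    for user in sorted(os.listdir(home_root)):
        path = os.path.join(home_root, user, ".forward")
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            for target in parse_forward(fh.read()):
                kind = classify(target, user, local_domains)
                if kind != "self":
                    findings.append((user, target, kind))
    return findings

def build_sample(root):
    # Constructed sample home directories, not real data.
    samples = {"alice": "\\alice, userx@elsewhere.example\n",  # local + blind copy
               "carol": "carol@mail.example.org\n",            # owner's own address
               "dave": '"|/usr/bin/procmail"\n'}               # handed to a program
    for user, content in samples.items():
        os.makedirs(os.path.join(root, user))
        with open(os.path.join(root, user, ".forward"), "w") as fh:
            fh.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        print(audit(root, {"mail.example.org"}))
```

Every row returned is a delivery target other than the mailbox owner and needs to be confirmed with that user; server-wide alias tables and MTA-level copy rules are outside what this per-user scan sees.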


