The mconnect (Mail connect) actually follows the SMTP convention, not the telnet convention. That is, it does the port 25 3-way handshake, then waits for a complete line before transmitting, etc.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chris Keladis
Sent: Sat March 30 2002 20:18
To: Bill Royds
Cc: [EMAIL PROTECTED]; 'Paul D. Robertson'; [EMAIL PROTECTED]
Subject: Re: Restrict telnet to port 25 via firewall.

Wouldn't it be possible to detect telnet negotiation (OOB) going on and drop the connection?

I agree with Paul however; these measures won't stop abuse of tcp/25, but it makes an interesting thread at least :)

Regards,

Chris.

Bill Royds wrote:

> The Symantec Enterprise Firewall (old Axent Raptor) actually does
> this, but it can be fooled by using a better SMTP emulator like the
> Solaris mconnect command. It still helps a little.
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Randy
> Smith
> Sent: Sat March 30 2002 16:52
> To: 'Paul D. Robertson'
> Cc: [EMAIL PROTECTED]
> Subject: RE: Restrict telnet to port 25 via firewall.
>
> One possibility I have not heard discussed would be to write
> a wrapper that can distinguish the difference between
> protocol messages sent by an SMTP program and a person
> composing them at a Telnet prompt. The former would likely
> arrive as a single packet per protocol message, while the
> latter would likely arrive as a single character per packet
> (Telnet generally does not buffer lines). Another option
> might be to send back a Telnet control/negotiation message -
> an SMTP program would likely ignore it, while a Telnet
> program would respond. I haven't tried either of these
> approaches, but think they would detect most user attempts
> to spoof SMTP using Telnet.
>
> - Randy Smith
>
> ----Original Message-----
> > >From: Paul D. Robertson [SMTP:[EMAIL PROTECTED]]
> > >To: [SMTP:[EMAIL PROTECTED]]
> > >Cc: [EMAIL PROTECTED]
> > >Subj: RE: Restrict telnet to port 25 via firewall.
> > >Sent: Monday, March 25, 2002 3:38 AM
> > >
> > >On Mon, 25 Mar 2002, Navin Mehra/MUM/IN/STTL wrote:
> > >
> > >> Date: Mon, 25 Mar 2002 14:25:35 +0530
> > >> From: Navin Mehra/MUM/IN/STTL <[EMAIL PROTECTED]>
> > >> To: Madhur Nanda <[EMAIL PROTECTED]>
> > >> Cc: [EMAIL PROTECTED]
> > >> Subject: RE: Restrict telnet to port 25 via firewall.
> > >>
> > >>
> > >> Thanks for the feedback.
> > >> But the problem is anybody can compose a mail, via telnetting to port 25.
> > >
> > >Mail is spoofable. That's a flaw in the protocol. Telnet isn't the only
> > >way to spoof mail.
> > >
> > >> and then impersonating the person can send a mail on his behalf. Can I
> > >> enable any sort of authorisation on the pix firewall or is there a setting
> > >> in the Lotus Notes server R5.
> > >
> > >If you want the machine to receive mail from the Internet, the best you
> > >can do is to ensure it's not an open relay. As mentioned, there are
> > >client-side mail integrity solutions like S/MIME and PGP/GPG.
> > >
> > >If you're relying on SMTP for authenticity, you need to either switch
> > >mechanisms or add client-side validation, or accept the fact that the
> > >protocol has major flaws.
> > >
> > >Paul
> > >-----------------------------------------------------------------------------
> > >Paul D. Robertson      "My statements in this message are personal opinions
> > >[EMAIL PROTECTED]      which may have no basis whatsoever in fact."
> > >
> > >_______________________________________________
> > >Firewalls mailing list
> > >[EMAIL PROTECTED]
> > >http://lists.gnac.net/mailman/listinfo/firewalls
>
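As an added illustration of the two heuristics Randy Smith proposes in the thread above (whole line per packet versus one character per packet, and an in-band Telnet negotiation probe), together with the gap Bill Royds points out for a line-buffered emulator such as mconnect, here is a small classifier written for this page. It is example code, not the Symantec/Raptor firewall's logic and not anything posted in the thread; the TCP segment samples are constructed, and the choice of SUPPRESS-GO-AHEAD as the probed option is an assumption (any option the client must answer with WILL/WONT would do):

```python
# Added example for this page: the two client-discrimination heuristics from
# the thread, run on constructed data.  Not the firewall product's own logic.

IAC, WILL, WONT, DO, DONT = 255, 251, 252, 253, 254   # RFC 854 command bytes
OPT_ECHO, OPT_SGA = 1, 3                               # RFC 857, RFC 858 options


def telnet_probe(option: int = OPT_SGA) -> bytes:
    """Build the IAC DO <option> probe the wrapper would send in-band.
    RFC 854 obliges a Telnet client to answer WILL or WONT; an MTA sees
    three stray bytes in a reply line and carries on (or errors out)."""
    return bytes([IAC, DO, option])


def split_telnet(data: bytes):
    """Separate Telnet negotiation triplets from application bytes.
    Returns (negotiations, app_bytes), negotiations as [(verb, option), ...]."""
    negotiations, app, i = [], bytearray(), 0
    while i < len(data):
        if data[i] == IAC and i + 1 < len(data):
            verb = data[i + 1]
            if verb in (WILL, WONT, DO, DONT) and i + 2 < len(data):
                negotiations.append((verb, data[i + 2]))
                i += 3
                continue
            if verb == IAC:                 # IAC IAC escapes a literal 0xFF
                app.append(IAC)
            i += 2                          # any other two-byte command (NOP, ...)
            continue
        app.append(data[i])
        i += 1
    return negotiations, bytes(app)


def answered_probe(data: bytes, option: int = OPT_SGA) -> bool:
    """True when the client replied WILL or WONT for the probed option."""
    negotiations, _ = split_telnet(data)
    return any(verb in (WILL, WONT) and opt == option for verb, opt in negotiations)


def segment_shape(segments) -> str:
    """'char' when most TCP segments carry one byte (someone typing at a Telnet
    prompt); 'line' when every segment is CRLF-terminated (an MTA, but also a
    line-buffered emulator such as mconnect); 'mixed' otherwise."""
    if not segments:
        return "empty"
    single = sum(1 for s in segments if len(s) == 1)
    if single >= 0.8 * len(segments):
        return "char"
    if all(s.endswith(b"\r\n") for s in segments):
        return "line"
    return "mixed"


def classify(segments, probe_reply: bytes) -> str:
    """Combine both heuristics.  The negotiation probe is the stronger signal;
    segment shape is a fallback and, as the thread notes, a line-buffered
    SMTP emulator is indistinguishable from a real MTA by shape alone."""
    if answered_probe(probe_reply):
        return "telnet-client"
    if segment_shape(segments) == "char":
        return "interactive-typist"
    return "smtp-program"


# Constructed samples, not captures: what the wrapper would see after the
# 220 banner and the probe have gone out.
TYPIST = [bytes([c]) for c in b"HELO example.net"] + [b"\r\n"]
MTA = [b"EHLO mx.example.net\r\n", b"MAIL FROM:<user@example.net>\r\n"]
TELNET_REPLY = bytes([IAC, WILL, OPT_SGA]) + b"HELO me\r\n"   # Telnet answers DO SGA

if __name__ == "__main__":
    print(classify(TYPIST, b""))           # interactive-typist
    print(classify(MTA, b""))              # smtp-program (mconnect lands here too)
    print(classify(MTA, TELNET_REPLY))     # telnet-client
```

The probe is the part worth keeping: a genuine Telnet client has to answer IAC DO with WILL or WONT, so a reply carrying either is a hard signal, whereas the per-segment shape is only a guess that any line-buffered sender defeats. Neither check says anything about whether the mail is forged, which is the point Paul makes in the quoted message.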
