[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Port 25 email via telnet exploit
- Subject: Re: [cobalt-users] Port 25 email via telnet exploit
- From: Paul Jacobs <paul@xxxxxxxxxxxxxxxxxx>
- Date: Mon Jun 3 17:11:26 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
At 07:03 AM 6/3/2002, you wrote:
> > Why does port 25 allow email to be sent via telnet without validating
user
> login, domain etc?
>
> How about turning telnet off!! There is plenty you can do in telnet without
> login in!! if you know how.
This could be a wyse on the serial port for all it matters - he's
telnetting onto the mail port (25). That's not service port for
telnet (23) logins.
tim
--
Mechanical Engineers build weapons. Civil Engineers build targets.
Telnet is turned off on my boxes, but you can still get to port 25 via
telnet... just like you can telnet to port 80 of any webserver.
It's a huge hole that not may know about.. your only like of defense is how
the webserver or mail server respond to email or web connections.
Send mail has had this problem for some time...
Ohh, and for those that say "your I.P. is in the relay box" I say I have
sent mail from an I.P. I KNOW is not in the relay.
_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users
Paul Jacobs /Senior Network Eng.
Yourwebcentral.com
"Host ANY website "
http://www.yourwebcentral.com
mailto:paul@xxxxxxxxxxxxxxxxxx