[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Port 25 email via telnet exploit

Subject: Re: [cobalt-users] Port 25 email via telnet exploit
From: Paul Jacobs <paul@xxxxxxxxxxxxxxxxxx>
Date: Tue Jun 4 01:44:01 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

At 11:01 PM 6/3/2002, you wrote:

Paul Jacobs wrote:

> Telnet is turned off on my boxes, but you can still get to port 25 via
> telnet... just like you can telnet to port 80 of any webserver.
> It's a huge hole that not may know about..

Let's not confuse things any more than they already are, Paul.  I'm
willing to bet you I can telent into your Windows SMTP server exactly
the same way from your DOS prompt.  It's normal behavior.  If you
couldn't connect to port 80, you couldn't see websites.  If you couldn't
connect to port 25, mail wouldn't work at all.


Not true.

Sure things would be a lot more secure, but you might as well unplug
your box.

Yes, let's unplug every computer and the will all be secure..... NOT,admin's need to know what the he&& they are doing that's all.

> your only like of defense is how
> the webserver or mail server respond to email or web connections.
> Send mail has had this problem for some time...

If mail didn't have this problem, then no one could ever send email.
Connecting on port 25 is how mailservers talk to each other.

True, but some servers will auth. you before allowing you to post...... NOOPEN RELAY, send mail is the biggest open relay there is...your welcome to connect to my work mail server at mail.adv-data.com and seeif you can send mail from it.

> Ohh, and for those that say "your I.P. is in the relay box" I say I have
> sent mail from an I.P. I KNOW is not in the relay.

Once you've logged in to the shell (whether dos or bash or csh, or any
shell) you're a local user and you can send mail anywhere.

You miss understand... I am using eudora, to send mail, not logging in anyother way than the eudora program....

Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA  92517
voice: (909) 778-9980  *  fax: (702) 548-9484

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users


Paul Jacobs /Senior Network Eng.
Yourwebcentral.com
"Host ANY website "
http://www.yourwebcentral.com
mailto:paul@xxxxxxxxxxxxxxxxxx

Follow-Ups:
- Re: [cobalt-users] Port 25 email via telnet exploit
  - From: Jeff Lasman
- Re: [cobalt-users] Port 25 email via telnet exploit
  - From: Danny Daniels

References:
- Re: [cobalt-users] Port 25 email via telnet exploit
  - From: Paul Jacobs
- Re: [cobalt-users] Port 25 email via telnet exploit
  - From: Jeff Lasman

Prev by Date: RE: [cobalt-users] about dedicated raq
Next by Date: RE: [cobalt-users] Replacement Cobalt parts now available online
Previous by thread: Re: [cobalt-users] Port 25 email via telnet exploit
Next by thread: Re: [cobalt-users] Port 25 email via telnet exploit

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index