Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: educating rDNS violators]

from [David Gillett] Network Security [Permanent Link]
Subject: RE: educating rDNS violators]
Date: Mon, 27 Sep 2004 08:24:46 -0700 
  At the point that you've got a HELO, the remote system has
ACK'd your SYN-ACK.  So, barring MITM attacks (which are
difficult to do on the open Internet), there's a > 99.9%
chance that the remote is reachable via the IP address you're
seeing.  Spoofing rDNS is no harder, and probably easier,
so I don't see any meaningful sense in which it "verifies
the IP address".

David Gillett



-----Original Message-----
From: Pat Moffitt [mailto:pmoffitt@wrv.com]
Sent: Thursday, September 23, 2004 2:19 PM
To: security-basics@securityfocus.com
Subject: [RE: educating rDNS violators]



I am not attempting to verify the HELO Command.  I am 
attempting to verify the 
IP Address of the system that is trying to make the SMTP 
connection.  As such, 
this section of the RFC does not apply.  I see nothing in 
this RFC that applies 
to using RDNS to reject mail connections, only on using RDNS 
to verify HELO 
commands.

Pat Moffitt
MIS Administrator
Western Recreational Vehicles, Inc.


-------- Original Message --------
Subject: RE: educating rDNS violators
Date: Tue, 31 Aug 2004 13:35:34 -0400
From: LordInfidel@directionweb.com
To: 'Derek Schaible' <dschaible@cssiinc.com>, Niek 
<niek@packetstorm.nu>
CC: security-basics@securityfocus.com

[snip - to supply the relevent part of the message]

6. Section 5.2.5 of rfc1123 covers this quite explicitly.  
Rejecting mail
based on RDNS ~~~***VIOLATES***~~~ the RFC:
http://www.faqs.org/rfcs/rfc1123.html

5.2.5  HELO Command: RFC-821 Section 3.5

[snip]
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: PortFast Question, JGrimshaw
Next by Date:  CHM file download, Sandeep Singh Rawat
Previous by Thread:  [RE: educating rDNS violators], Pat Moffitt
Next by Thread:  RE: educating rDNS violators], LordInfidel
Indexes:  [Date] [Thread] [Top] [All Lists]