heads up ... another imapd attack source

Dave Crocker dcrocker at brandenburg.com
Tue Dec 15 21:33:42 UTC 1998

At 11:09 AM 12/15/98 -0800, Roeland M.J. Meyer wrote:
>>this means that any user who is traveling, and happens to try to get their
>>mail while accessing from a .edu site won't be able to pick it up.
>Only if they are accessing mail on MHSC systems, from an *.EDU dial-up.

That's right.  Only an MHSC customer.

>There are other dial-up options and MHSC has direct dial-up ports
>available. Also, we do allow VPN tunnels from *.EDU, but only to directed
>hosts with no routing and on advanced arrangement. The user that does so,
>does it under our TOS and AUP.

If they know enough detail "ahead of time".  Hence they are prevented from
the benefit of opportunistic access.

>>since imap popularity is growing, lack of imap service is also problematic.
>It's balance of problems. We consider the rootkit risk more severe than the
>loss of business from *.EDU sites. We have secure POP3 and Web-based (SSL)

It isn't a question of loss of business from a .edu site.  It is a question
of loss of business from an MHSC customer who is traveling.


Dave Crocker                                       Tel: +60 (19) 3299 445
<mailto:dcrocker at brandenburg.com>             Post Office Box 296, U.P.M.
                                         Serdang, Selangor 43400 MALAYSIA
Brandenburg Consulting                                          
<http://www.brandenburg.com>                       Tel: +1 (408) 246 8253
Fax: +1(408)273 6464              675 Spruce Dr., Sunnyvale, CA 94086 USA

More information about the NANOG mailing list