Transparent hijacking of SMTP submission...

joel jaeggli joelja at bogus.com
Thu Nov 27 19:54:15 UTC 2014


I don't see this in my home market, but I do see it in someone else's...
I kind of expect this for port 25 but...

J at mb-aye:~$telnet 147.28.0.81 587
Trying 147.28.0.81...
Connected to nagasaki.bogus.com.
Escape character is '^]'.
220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014
19:17:44 GMT
ehlo bogus.com
250-nagasaki.bogus.com Hello XXXXXXXXXXXXXXX.wa.comcast.net
[XXX.XXX.XXX.XXX], pleased to meet you
250 ENHANCEDSTATUSCODES

J at mb-aye:~$telnet 2001:418:1::81 587
Trying 2001:418:1::81...
Connected to nagasaki.bogus.com.
Escape character is '^]'.
220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014
19:18:33 GMT
ehlo bogus.com
250-nagasaki.bogus.com Hello
[IPv6:2601:7:2380:XXXX:XXXX:XXXX:c1ae:7d73], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP

that's essentially a downgrade attack on my ability to use encryption
which seems to be in pretty poor taste frankly.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 243 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20141127/318ae57e/attachment.pgp>


More information about the NANOG mailing list