security blather Re: [techtalk] login restriction

kelly at poverty.bloomington.in.us kelly at poverty.bloomington.in.us
Fri Jul 7 14:35:54 EST 2000


On Fri, 7 Jul 2000 15:14:59 -0400 , "Fan, Laurel" <Laurel.Fan at compaq.com> said:

>If I can, from my computer, open an "smtp connection" to port 25 on
>somehost, I can run "telnet somehost 25".  Neither of which has
>anything at all to do with telnetd.

I am indeed at a loss to tell how a firewall could tell a connection
to port 25 that originates from an MTA from one that originates from
some other sort of socket opening program.  The TCP protocol doesn't
tell you squat about what the program opening the socket intends to do
with it.  Admittedly, a firewall _could_ terminate an SMTP session that
doesn't "act right", but it can't tell that until the connection has
been established and some data has been exchanged.  Unless, of course, 
someone has a "psychic firewall" out there that I haven't heard about.

Kelly
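
Added example, not part of the original message: a loopback listener that records what is knowable when a connection is accepted (addresses and ports only) and then judges the session from the first line of data, which is the earliest point an application-layer check can act. The function names, the inspector.example banner and the two client lines are constructed for illustration.

```python
import socket
import threading

SMTP_OPENERS = {b"HELO", b"EHLO"}  # first command a conforming SMTP client sends

def inspect_one(listener, results):
    """Accept one connection; record pre-data facts, then classify the first line."""
    conn, peer = listener.accept()
    with conn, conn.makefile("rb") as rf:
        # Everything a packet filter knows at this point: no program identity.
        at_accept = {"peer_ip": peer[0], "dst_port": listener.getsockname()[1]}
        conn.sendall(b"220 inspector.example ESMTP\r\n")
        parts = rf.readline().split()
        verb = parts[0].upper() if parts else b""
        verdict = "smtp-like" if verb in SMTP_OPENERS else "not-smtp"
        reply = b"250 ok\r\n" if verdict == "smtp-like" else b"554 protocol violation\r\n"
        conn.sendall(reply)
    results.append((at_accept, verdict))

def client(port, first_line):
    """Plain socket client; the listener cannot tell what program this is."""
    with socket.create_connection(("127.0.0.1", port)) as s, s.makefile("rb") as rf:
        rf.readline()                      # read the 220 banner
        s.sendall(first_line)
        return rf.readline().decode().strip()

def demo():
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))        # ephemeral port stands in for port 25
    listener.listen(2)
    port = listener.getsockname()[1]
    results, replies = [], []
    # Constructed inputs: one SMTP-conforming opener, one line of another protocol.
    for first_line in (b"EHLO mta.example\r\n", b"GET / HTTP/1.0\r\n"):
        t = threading.Thread(target=inspect_one, args=(listener, results))
        t.start()
        replies.append(client(port, first_line))
        t.join()
    listener.close()
    return results, replies

if __name__ == "__main__":
    for (facts, verdict), reply in zip(*demo()):
        print(facts, verdict, reply)
```

Both connections produce the same record at accept time; only the verdict computed after data arrives differs.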




