Hallam-Baker, Phillip wrote: > To answer your question about how they got round port 25 blocking, my > guess is that they sent the initial packet out on yet another connection > that was unblocked. Actually, I answered that question - they didn't "get around port 25 blocking". They never sent from the (say AOL dialup) side, only from the high speed side. "three way handshaking" emulation of what's supposed to be "two way", but physically only two (not three) machines. Since they're on the same machine, the timing is not much of an issue. Got high speed spam emission, at the expense of burning (lots of) free AOL low speed access dialup disks. Especially if you pipelined (whether the recipient said it was okay or not) multiple parallel SMTP streams. [The recipient usually has no way of knowing whether you're really waiting for it's SMTP command return codes or not. Which is exemplified by one particular type of HTTP proxy attack. Arrange the entire sending side's SMTP commands in one buffer (eg: a HTTP CONNECT proxy), and send it all at once. Works just fine if you don't care about errors. Which high volume spammers don't.] > I have seen something similar described recently in the context of a > cyber-conflict type attack. Potentially still useful technique, where the economies are different. _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf