1993-03-01 - Re: anon.penet.fi hacking

Header Data

From: Johan Helsingius <julf@penet.FI>
To: “Edgar W. Swank” <edgar@spectrx.saigon.com>
Message Hash: 6de4b3558adea9132e96b263e6a0cdf69f6d886858de2d75d6b6230e43b3787c
Message ID: <9303011321.aa09556@penet.penet.FI>
Reply To: <DR9LZB7w165w@spectrx.saigon.com>
UTC Datetime: 1993-03-01 12:25:40 UTC
Raw Date: Mon, 1 Mar 93 04:25:40 PST

Raw message

From: Johan Helsingius <julf@penet.FI>
Date: Mon, 1 Mar 93 04:25:40 PST
To: "Edgar W. Swank" <edgar@spectrx.saigon.com>
Subject: Re: anon.penet.fi hacking
In-Reply-To: <DR9LZB7w165w@spectrx.saigon.com>
Message-ID: <9303011321.aa09556@penet.penet.FI>
MIME-Version: 1.0
Content-Type: text/plain



> I would be cautious about a random "From:" line.  I think penet will
> probably reject input that at least has does not have a valid (but not
> necessarily truthful) return address.

I have no way to check the validity of an address, unless it's
syntactically illegal.

> For a while, Miron Cuperman's wimsey remailer was generating a bogus
> >From address, something like "yeltsy@kremlin.vax.ru".  I tried
> chaining this to penet to post to newsgroups, but my anonymous
> messages never appeared in the newsgroups.  This was because,
> I think, penet sends a confirmation back to the sender. Since
> "kremlin.vax" is not in penet's net tables, this would cause
> the confirmation send to fail; my hypothesis is that this also
> causes the newsgroup post at penet to fail.

No, the posting must have failed fort some other reason. The problem is
that you never know why, as the error messages don't reach you...

> Wimsey could also establish its own penet password and automatically
> insert it whenever it detected a "to" address ending in penet.fi.

This could be one solution. But what do you do with bounces due to
some user error?

> I'd like to point out that so far the wimsey remailer is the only
> useful remailer from my point of view because it's the only one
> which allows me to delete the automatic sig.  This is because it
> only forwards encrypted text and discards any appended unencrypted
> text.

This will be solved using MIME. The .sig killer used at anon.penet.fi is
a pain in the rear...

	Julf






Thread