1994-05-14 - Re: Penet Spoofing

Header Data

From: Eli Brandt <ebrandt@jarthur.cs.hmc.edu>
To: cypherpunks list <cypherpunks@toad.com>
Message Hash: 6eebee834a65a76e1d63d00bc6557d341692703b207a7a9edb2c560a465629fe
Message ID: <9405142246.AA00470@toad.com>
Reply To: <9405141815.AA00592@flammulated.owlnet.rice.edu>
UTC Datetime: 1994-05-14 22:46:28 UTC
Raw Date: Sat, 14 May 94 15:46:28 PDT

Raw message

From: Eli Brandt <ebrandt@jarthur.cs.hmc.edu>
Date: Sat, 14 May 94 15:46:28 PDT
To: cypherpunks list <cypherpunks@toad.com>
Subject: Re: Penet Spoofing
In-Reply-To: <9405141815.AA00592@flammulated.owlnet.rice.edu>
Message-ID: <9405142246.AA00470@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Karl said:
> Somebody is trying to be clever and forging mail to figure out
> my penet id (surprise, I don't have one, but now I do).

I doubt it's a forgery attack.  More likely, somebody subscribed to
the list under a anXXXX address rather than naXXXX -- possibly
intentionally, but probably just by mistake.  The effect is that
everyone who posts to the list has their headers pseudonymized
before their messages are passed to the subscriber.

The people who were told they had been given anXXXX addresses were
the lucky ones.  People who already had unpassworded addresses, and
who have unstripped .sigs or other indentifiers, have had their
pseudonyms and truenames silently handed to the subscriber.  Nasty
failure mode.

This has happened on the list a few times before.  The first or
second time was one of the major reasons Julf added the naXXXX
capability, as I recall, to let anonymous users safely subscribe to
mailing lists.  Passwords were intended to stop the forgery attack,
but are helpful here too.  This mail, for example, should never
reach the subscriber in question, because I didn't include my
password.

A handy stopgap would be for majordomo to screen out anXXXX
addresses (better, convert them to naXXXX), and other known
double-blinding addresses.  The behavior of anon.penet.fi interacts
poorly with mailing lists, but we've had that discussion before.

   Eli   ebrandt@hmc.edu






Thread