|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: FTGate and POP3 protocol
From: Andrew Lewis (wizdumb
UNIX.ZA.NET)Date: Sun Jul 02 2000 - 08:27:30 CDT
- Next message: Lamagra Argamal: "Re: WuFTPD: Providing *remote* root since at least1994"
- Previous message: D. J. Bernstein: "Re: ftpd: the advisory version"
- Next in thread: Roger Burton West: "Re: FTGate and POP3 protocol"
- Reply: Roger Burton West: "Re: FTGate and POP3 protocol"
- Reply: Jeremy C. Reed: "Re: FTGate and POP3 protocol"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Yeah, it's official - it's a problem with the POP3 protocol rather than
with FTGate specifically. Other affected daemons are gnu-pop3d,
Post.Office, Sendmail for NT, Cubic's Circle for Unix, etc etc.
Although returning a -ERR code when an inalid username is given *is* RFC
compliant, and that there is the delay feature to slow-down bruteforcing,
it's still a fairly stupid idea. :/
Cheers,
Andrew Lewis / Wizdumb
wizdumbleet.org
www.mdma.za.net/fk
- Next message: Lamagra Argamal: "Re: WuFTPD: Providing *remote* root since at least1994"
- Previous message: D. J. Bernstein: "Re: ftpd: the advisory version"
- Next in thread: Roger Burton West: "Re: FTGate and POP3 protocol"
- Reply: Roger Burton West: "Re: FTGate and POP3 protocol"
- Reply: Jeremy C. Reed: "Re: FTGate and POP3 protocol"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]