Date: Sun May 26 2002 - 13:49:27 CDT
On Sat, 25 May 2002 21:41:36 +0200, David GLAUDE Mailing <dglaudemailinggmx.net> said:
> Typically when a human is typing protocol command,
> you might expect slow communication,
which you also see when the other end of the connection is at the far
end of a congested link...
> use of backspace ^H ;-),
Actually, you probably WON'T see this often, unless you have a stupid
telnet client - many/most telnet clients will default to "line at a time" mode
if connecting to a port other than 23, so it won't send a ^H unless his
system doesn't recognize ^H as a local editing character...
> minimal info (like no useless field in SMTP, ...).
Actually, it would be *MORE* suspicious if you *DO* see a "useless" field.
For instance, Sendmail (which I think I know something about ;) doesn't send
every possible option. For instance, it doesn't pass the ENVID= option on
the SMTP MAIL FROM unless a DSN has been requested by the sender....
Actually, I take it back - I *DO* see ^H in SMTP transactions on a regular
basis. Unfortunately, it's not indicative of intruders. It's indicative
of broken Pacific-rim spamware (usually Korean, sometimes Chinese) that
doesn't understand that RFC821/822 is ASCII-oriented, and that RFC2147 exists
for a reason. ;)
-- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
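The following is an added example, not part of the original message: a small triage over captured SMTP command lines that applies the two cautions raised in the thread. Timing is reported but never decides the label, and a raw ^H (0x08) is only escalated when the session is otherwise pure ASCII. The session data is constructed, and treating ^H alongside 8-bit bytes as a sign of a non-ASCII client is an assumption of this example.

```python
# Constructed sample data: session id -> [(seconds since connect, raw SMTP line)].
SESSIONS = {
    "fast-clean": [(0.1, b"HELO mail.example.org"),
                   (0.2, b"MAIL FROM:<a@example.org>")],
    "slow-clean": [(1.0, b"HELO relay.example.net"),      # e.g. congested link
                   (9.0, b"MAIL FROM:<b@example.net>")],
    "8bit-bs":    [(0.1, b"HELO \xc7\xd1\xb1\xb9"),        # 8-bit bytes in HELO
                   (0.2, b"MAIL FROM:<x\x08@example.com>")],
    "ascii-bs":   [(2.0, b"HELO test"),
                   (9.5, b"MAIL FRM\x08\x08OM:<c@example.org>"),
                   (21.0, b"RCPT TO:<d@example.org>")],
}


def summarize(session):
    """Count raw backspace (0x08) and 8-bit bytes, and find the longest gap."""
    times = [t for t, _ in session]
    gaps = [later - earlier for earlier, later in zip(times, times[1:])]
    return {
        "backspaces": sum(raw.count(b"\x08") for _, raw in session),
        "eight_bit": sum(1 for _, raw in session for byte in raw if byte >= 0x80),
        "max_gap": max(gaps, default=0.0),
    }


def triage(session):
    """Label a session. Timing is reported but never decides the label,
    because a slow session is also what a congested link looks like."""
    result = summarize(session)
    if result["backspaces"] == 0:
        result["label"] = "no-backspace"
    elif result["eight_bit"] > 0:
        # Assumption of this example: ^H next to 8-bit bytes points at a
        # client that is not sending ASCII, not at a person typing.
        result["label"] = "non-ascii-client"
    else:
        # ^H in an otherwise pure-ASCII session: worth a human look.
        result["label"] = "review"
    return result


if __name__ == "__main__":
    for name, session in SESSIONS.items():
        print(name, triage(session))
```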