[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Finding a replacement for my ISP's smtp server

On Mon, 28 Jul 2014 21:38:37 +0100
Brian <ad44@cityscape.co.uk> wrote:

> On Mon 28 Jul 2014 at 22:00:00 +0200, Slavko wrote:
> 
> > Dňa Mon, 28 Jul 2014 20:51:31 +0100 Brian <ad44@cityscape.co.uk>
> > napísal:
> > 
> > > You never really answered my questiom. If you place something in a
> > > public place, a mailserver, for example, why should it be a
> > > criminal offence to look at it. If you did not want it to be seen
> > > you have the solution at hand.
> > 
> > Yes, i provided answer to you. I try it again: If is something in
> > public place, it doesn't mean, that anybody can do anything with it.
> 
> You are stating the obvious.
> 
> I'll try a more technical answer. Remember, you were of the opinion
> that using nmap could be a criminal offence in some countries (which
> you declined to name).
> 
> I will use my preferred email client (telnet) for this test.
> 
>   brian@desktop:~$ telnet mail.o2.co.uk 25
>   Trying 82.132.141.69...
>   Connected to mail.o2.co.uk.
>   Escape character is '^]'.
>   220 mail.o2.co.uk ESMTP Service ready
> 
> 
>   brian@desktop:~$ telnet mail.o2.co.uk 587
>   Trying 82.132.141.69...
>   telnet: Unable to connect to remote host: Connection timed out
> 
> 
> I also used another 40.000 ports.
> 
> Happpier with this?
> 
> Communication is one of the most basic human needs. Have I
> transgressed its boundaries?
> 
> 

Not as far as it goes. I occasionally use telnet to a mail server to
check an email address is valid. That's a legitimate SMTP function to
use anonymously, and many email clients use it to verify an address
while you're composing an email. But if you got a reply on 587 and then
tried guessing user names and passwords, knowing you didn't have an
account there, I think you would be attempting to gain unauthorised
access to a computer system, which is an offence in some countries.

And SMTP and HTTP are protocols normally accessed anonymously, as FTP
can be. Other protocols, such as SSH and RDP are never accessible
anonymously, they always require an account on the server, and it could
be argued that any connection attempts to such ports were 'attempting
to gain...' Also, the use of malformed connection packets can sometimes
gain access to vulnerabilities in servers, and such behaviour would
seem to fall foul of the definition. nmap can certainly be used to
try to identify the OS in use by a server, and perhaps try to see
some details of the network behind the firewall, which again would not
seem to be legitimate things to do. It's not clear cut, but some
behaviours would appear to be legitimate, and some not.

-- 
Joe
Reply to: