12 Mar 08 03:35, Richard Webb wrote to Roy Witt:

 RW>>> AS you said before, they would be able to produce mail, but not
 RW>>> route it. This is why we have session and packet passwording.

 >>> They can crash it. Someone has already shown how a netmail packet
 >>> can be dropped on any system that might be in a route and the
 >>> netmail will be sent to the system intended. No session or packet
 >>> password required.

 RW>> Depends on how your mail processing works.  Iow how you've got it
 RW>> configured. Squish for example can be set up rather strictly in this
 RW>> regard, especially when coupled with binkleyterm.

 >> That's true. However, one only needs to find on link in the route
 >> that isn't so configured.

 RW> true again, but iirc back in the day when everybody was pots folks
 RW> who didn't were soon educated that they should. we all know of the
 RW> horror stories of folks planting mail spoofing that they were someone
 RW> else etc.

Yes...I knew some of the guys that did that. They actually gave lessons.

 RW> WOn't mention names but I remember one case.  I think he
 RW> went after JOhn S> at SOuthern star there for awhile, and was able to
 RW> do so because of insecure systems iirc.

Which is what prompted John to have software written to take care of that
problem. NoBogus and then came FxxxNoBogus to get around it. I have copies
of both here.

                R\%/itt



--- Twit(t) Filter v2.1 (C) 2000