Good ${greeting_time}, Janis!
09 Oct 2014 11:54:40, you wrote to me:
JK> 11:35:36.666699 IP (tos 0x0, ttl 44, id 23787, offset 0, flags [none],
JK> proto TCP (6), length 55)
JK> 71.30.81.243.23 > 72.43.242.234.41035
JK> Telnet:
JK> 0x0000: fffb 03 WILL SUPPRESS GO AHEAD
Ok, I see IAC WILL 03 here (IAC == Interpret As Command) from the called side.
JK> 11:35:36.739953 IP (tos 0x0, ttl 44, id 23788, offset 0, flags [none],
JK> proto TCP (6), length 70)
JK> 71.30.81.243.23 > 72.43.242.234.41035:
JK> Telnet:
JK> 0x0000: fffb 00 WILL BINARY
JK> 0x0003: fffb 00 WILL BINARY
JK> 0x0006: fffd 00 DO BINARY
JK> 0x0009: fffd 03 DO SUPPRESS GO AHEAD
JK> 0x000c: fffd 18 DO TERMINAL TYPE
JK> 0x000f: fffb 01 WILL ECHO
Here I see even more options from the called side...
JK> 11:35:36.967000 IP (tos 0x0, ttl 64, id 51401, offset 0, flags [DF],
JK> proto TCP (6), length 55)
JK> 72.43.242.234.41035 > 71.30.81.243.23:
JK> Telnet:
JK> 0x0000: fffb 18 WILL TERMINAL TYPE
The calling side tells it will run in a fully bi-directional mode issuing
select() on a connection socket every time when idle to check for data...
JK> 11:35:37.039568 IP (tos 0x0, ttl 44, id 23790, offset 0, flags [none],
JK> proto TCP (6), length 58)
JK> 71.30.81.243.23 > 72.43.242.234.41035:
JK> Telnet:
JK> 0x0000: fffa 1801 fff0 SB TERMINAL TYPE SEND SE
One more option from the called side... However, all these options:
1. are not related to each other (I guess, they are ignored by recipient)
2. appear only in "virtual modem" handshake phase
JK> 11:35:42.407017 IP (tos 0x0, ttl 44, id 23793, offset 0, flags [none],
JK> proto TCP (6), length 220)
JK> 71.30.81.243.23 > 72.43.242.234.41035:
JK>
JK> 0x0000: 4500 00dc 5cf1 0000 2c06 5d04 471e 51f3 E...\...,.].G.Q.
JK> 0x0010: 482b f2ea 0017 a04b 9d51 dff1 d35a f896 H+.....K.Q...Z..
JK> 0x0020: 8018 8340 9a10 0000 0101 080a 0002 ccf5 ...@............
JK> 0x0030: 11f6 315b 0d0d 4672 6f6e 7444 6f6f 7220 ..1[..FrontDoor.
JK> 0x0040: 322e 3333 2e6d 4c2e 6232 2f41 4530 3030 2.33.mL.b2/AE000
JK> 0x0050: 3036 363b 204d 756c 7469 4c69 6e65 0d0a 066;.MultiLine..
JK> 0x0060: 0d0a 2a2a 454d 5349 5f4d 4435 3030 3146 ..**EMSI_MD5001F
JK> 0x0070: 3c30 422e 3230 3134 3130 3039 3131 3335 <0B.201410091135
JK> 0x0080: 3332 3936 2d46 726f 6e74 446f 6f72 3e41 3296-FrontDoor>A
JK> 0x0090: 3132 350d 0a2a 2a45 4d53 495f 5245 5141 125..**EMSI_REQA
JK> 0x00a0: 3737 450d 0d0d 0d0d 5072 6573 7320 3c45 77E.....Press.<E
JK> 0x00b0: 7363 3e20 7477 6963 6520 666f 7220 4e6f sc>.twice.for.No
JK> 0x00c0: 2e20 416d 6572 6963 616e 2052 4120 5375 ..American.RA.Su
JK> 0x00d0: 7070 6f72 7420 5369 7465 0d0d pport.Site..
Here goes usual EMSI handshake performed by mailers, without any Telnet
sequences.
I'd like to ask you to perform a bit less trivial test: try to transfer a file
containing 20...30 bytes with value 0xFF (and record the session with tcpdump,
of course). If my suggestion is correct, that would prove telnet sequences are
added by the FOSSIL layer, not by mailer.
--
Alexey V. Vissarionov aka Gremlin from Kremlin
gremlin.ru!gremlin; +vii-cmiii-ccxxix-lxxix-xlii
... :wq!
--- /bin/vi
* Origin: http://openwall.com/Owl (2:5020/545)
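
Added example, not part of the original message: a small Python splitter that separates Telnet sequences from payload in one direction of a captured stream and counts IAC IAC pairs, which is how RFC 854 carries a 0xFF data byte. The option bytes are those shown in the quoted tcpdump output; the ESCAPED sample and the name split_telnet are constructed for illustration.

```python
IAC, SE, SB = 0xFF, 0xF0, 0xFA
VERBS = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}
OPTIONS = {0x00: "BINARY", 0x01: "ECHO", 0x03: "SUPPRESS GO AHEAD",
           0x18: "TERMINAL TYPE"}

# Option bytes as shown in the quoted tcpdump output.
CALLED_SIDE = bytes.fromhex("fffb00 fffb00 fffd00 fffd03 fffd18 fffb01")
SUBNEG = bytes.fromhex("fffa1801fff0")
# Constructed sample: the data "A", 0xFF, 0xFF, "B" after Telnet escaping.
ESCAPED = bytes.fromhex("41 ffff ffff 42")


def split_telnet(stream: bytes):
    """Split one direction of a session into (data, commands, escaped_ff).

    escaped_ff counts IAC IAC pairs, i.e. 0xFF data bytes doubled on the wire.
    """
    data, commands, escaped_ff = bytearray(), [], 0
    i, n = 0, len(stream)
    while i < n:
        if stream[i] != IAC:
            data.append(stream[i])
            i += 1
            continue
        if i + 1 >= n:                       # capture ends on a lone IAC
            commands.append("TRUNCATED")
            break
        cmd = stream[i + 1]
        if cmd == IAC:                       # escaped data byte
            data.append(IAC)
            escaped_ff += 1
            i += 2
        elif cmd in VERBS and i + 2 < n:     # IAC WILL/WONT/DO/DONT <option>
            opt = stream[i + 2]
            commands.append(f"{VERBS[cmd]} {OPTIONS.get(opt, hex(opt))}")
            i += 3
        elif cmd == SB:                      # subnegotiation, ends at IAC SE
            j = i + 2
            while j + 1 < n and stream[j:j + 2] != bytes([IAC, SE]):
                j += 2 if stream[j] == IAC else 1
            if j + 1 >= n:
                commands.append("TRUNCATED SB")
                break
            commands.append("SB " + stream[i + 2:j].hex())
            i = j + 2
        else:                                # NOP, GA, or a cut-off verb
            commands.append(f"CMD {cmd:#04x}")
            i += 2
    return bytes(data), commands, escaped_ff
```

For the proposed 0xFF file test, compare the number of 0xFF bytes in the recovered data with the number in the file that was sent: equal counts mean the bytes were doubled on the wire. Unescaped runs of 0xFF would instead be folded in half by the splitter.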