[jdev] Jabber Spoofing on unique server

Alexey Nezhdanov snake at penza-gsm.ru
Mon Apr 4 03:49:02 CDT 2005

В сообщении от Понедельник 04 Апрель 2005 11:19 micky501 at free.fr написал(a):
> Joe Hildebrand <hildjj at gmail.com> wrote :
> > And can you let us know what your domain names are going to be, so we can
> > blacklist them, please?
> The server is for a private use within my company. I work in the laboratory
> of R&D so don't worry our server is not available for people from the web.
> I'm just looking for some information about the process of authentication
> and verification of the "from attribute". My job is improving the security
> within my company, not hacking and spoofing Jabber servers all over the
> world. Why do you think that giving me the way Jabber verifies the from
> attribute is dangerous ? Security must not be built on secret. On the
> contrary, I think the more we know, the better we can improve our system.
> Hope some people think like me and will help me.
Generally people would like to blacklist servers that is known for some 
unclean games (like spoofing) playing on them. Can you evaluate more why you 
wish to spoof source address? Your previous explanation was unobvious and may 
be your task can be solved with more correct (jabber-way) methods...

Alexey Nezhdanov

More information about the JDev mailing list