[jdev] Jabber Spoofing on unique server
snake at penza-gsm.ru
Mon Apr 4 03:49:02 CDT 2005
В сообщении от Понедельник 04 Апрель 2005 11:19 micky501 at free.fr написал(a):
> Joe Hildebrand <hildjj at gmail.com> wrote :
> > And can you let us know what your domain names are going to be, so we can
> > blacklist them, please?
> The server is for a private use within my company. I work in the laboratory
> of R&D so don't worry our server is not available for people from the web.
> I'm just looking for some information about the process of authentication
> and verification of the "from attribute". My job is improving the security
> within my company, not hacking and spoofing Jabber servers all over the
> world. Why do you think that giving me the way Jabber verifies the from
> attribute is dangerous ? Security must not be built on secret. On the
> contrary, I think the more we know, the better we can improve our system.
> Hope some people think like me and will help me.
Generally people would like to blacklist servers that is known for some
unclean games (like spoofing) playing on them. Can you evaluate more why you
wish to spoof source address? Your previous explanation was unobvious and may
be your task can be solved with more correct (jabber-way) methods...
More information about the JDev