Man, they'll try anything to hack your system...

Neil Schelly neil at jenandneil.com
Fri Jan 27 13:34:00 EST 2006


On Friday 27 January 2006 01:13 pm, Ben Scott wrote:
>   Anyone else seen this?  Is it just net.stupidity on the part of some
> mail server operators somewhere, or are spammers/attackers trying
> something new?

I can imagine a scenario where this may be helpful to people.  Can't imagine a 
way to misuse that sort of entry, but imagine that a company has a mail 
server on an internal IP address that receives incoming traffic from the 
outside world through NAT.  So that external address gets NAT'd down to the 
internal address.  

Any servers on that internal network that try to send email to their domain 
will look up the external IP and try to connect.  Because of the NAT, 
that may be difficult to route properly.  Even if they can get the NAT to 
translate the stream to the mail server, the mail server will likely just 
reply directly to the internal address of the client server because that's 
the source of the incoming connection post-NAT.  This will cause connections 
to fail and hang and all that stuff.

If, however, they have an MX record for both the internal and external IP 
addresses and don't set up anything to allow routing from inside to the public 
IPs, then those machines that might try to connect to it will fail to connect 
to the first MX record (the public IP) and fall back to the secondary MX 
record (internal).

It's a hack, but if you don't have good DNS views set up or have difficult 
routing with NAT without the ability to do two-way NAT, then it should work.
-N
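
Added example, not part of the original post: a small model of the MX fallback described above, plus a check that flags MX targets resolving to RFC 1918 addresses in a zone published without DNS views. The host names, addresses and the reachability rule (no hairpin NAT) are constructed assumptions.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also covers
# documentation ranges such as the 203.0.113.0/24 sample address used below.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone data (not from the original post).
MX_RECORDS = [(10, "mail-pub.example.com"), (20, "mail-int.example.com")]
A_RECORDS = {"mail-pub.example.com": "203.0.113.25",
             "mail-int.example.com": "10.1.2.25"}


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def reachable(client_inside, addr):
    """Model from the post: no hairpin NAT, so inside clients only reach
    internal addresses and outside clients only reach public ones."""
    return is_internal(addr) == client_inside


def deliver(client_inside, mx_records=MX_RECORDS, a_records=A_RECORDS):
    """Try MX hosts in preference order; return (attempts, delivered_to)."""
    attempts = []
    for _pref, host in sorted(mx_records):
        addr = a_records[host]
        attempts.append(addr)
        if reachable(client_inside, addr):
            return attempts, addr
    return attempts, None


def private_mx_targets(mx_records=MX_RECORDS, a_records=A_RECORDS):
    """Audit: MX hosts whose address is RFC 1918 (visible to anyone who
    queries the zone if it is published without DNS views)."""
    return [h for _p, h in sorted(mx_records) if is_internal(a_records[h])]


if __name__ == "__main__":
    print("inside :", deliver(True))
    print("outside:", deliver(False))
    print("private MX targets:", private_mx_targets())
```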


