On Fri, 5 Jul 2002, Dave C. wrote:
> > http://www.remote.org/jochen/sec/hfpa/index.html
> Uhm. exactly what does this accomplish? If the remote IP is otherwise
> permitted to send mail to you, why bother sending it this way? If they
> are trying to relay thru you they wont be permitted anyway..
The exploit is to send the page to somebody inside a firewall. When they
read it (or press the relevant button or whatever), it makes an SMTP
call from within the firewall to an MTA that is not accessible from the
original remote host. In other words, you trick a host into make the
SMTP call for you.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
