September 23rd, 2007 by Todd Sundsted
Airport Security
The airport has free WIFI. Nice. Very nice.
I have an hour until I board; the rest of my team isn’t here yet. I pull up an e-mail and go to work.
Security is important. I want private communications to remain private. On the road, I used to manually tunnel in to my office over SSH to connect to my IMAP and SMTP servers. Over the last few weeks I’ve been migrating to a more mature configuration — IMAP over TLS and SMTP with TLS and SASL. As a result, I’ve been keeping half an eye open for problems with the configuration. So far, no problems.
I type a reply and hit send. I get an error — something about the server not offering STARTTLS in the EHLO response. Damn!
I put the reply on hold and run through a few quick diagnostics.
- Can I SSH into the box? Check.
- Does the server configuration look correct? Check.
- Is my mailer set up to use my server? Check.
- Does the DNS name resolve to the correct IP address? Check.
- Can I telnet into the SMTP server? Check.
Running the last test on the box itself, I clearly see 250-STARTTLS in the response to EHLO foobar. I tail the maillog and hit send again. I get the same error but see no indication of activity whatsoever in the log. “Damn!” turns into “What the fuck?”
Okay… The DNS record resolves to my IP address. The IP address points to my box. Port 25, however, appears to point somewhere else — to someone else’s SMTP server, in fact. I verify this using telnet on my laptop. A proxy perhaps? But why? To prevent terrorists from sending spam from within the airport? As a kindness to travelers who find themselves away from home or office and in need of an SMTP server? Or something more sinister? Or incompetent?
The gate agent repeats her last call for boarding. I really want to send an e-mail through the system so I can take a look at the header, and to put an obvious username and password in the e-mail to see if the lure attracts any game. But I am out of time. I snag the conversation between client and server in Ethereal for future reference.
The conversation between mailer and server:
220 ESMTP
EHLO [AAA.BBB.CCC.DDD]
250 OK
QUIT
221 Bye
The conversation between telnet and server:
220 ESMTP
HELO foobar
250 OK
EHLO foobar
503 Not Implement
QUIT
221 Bye
503 Not Implement?
What is that?
This is the kind of bad grammar I see in Trojan-bait “Friend sent you an e-card” e-mails.
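As an added example, not part of the original post: a small Python checker that automates the telnet diagnostic above, parses the EHLO reply, and labels it the way the two captures do (STARTTLS advertised, a bare "250 OK" with no extensions, or EHLO rejected with a 503). The sample replies are constructed; "250 OK" and "503 Not Implement" are the proxy's lines from the captures, while the STARTTLS-advertising reply and the host name mail.example.test are assumed.

```python
import socket

# Constructed replies: "250 OK" and "503 Not Implement" are what the airport
# proxy returned above; REAL_SERVER is an assumed reply from a host that
# advertises STARTTLS (mail.example.test is a placeholder name).
REAL_SERVER = "250-mail.example.test\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
PROXY_EHLO = "250 OK\r\n"
PROXY_REJECT = "503 Not Implement\r\n"

def parse_smtp_reply(raw):
    """Return (code, [text lines]); 'NNN-' lines continue, 'NNN ' ends the reply."""
    code, texts = None, []
    for line in raw.replace("\r", "").split("\n"):
        if len(line) < 3 or not line[:3].isdigit():
            continue
        code = int(line[:3])
        texts.append(line[4:].strip())
        if len(line) == 3 or line[3] == " ":
            break
    return code, texts

def ehlo_extensions(raw):
    """Extension keywords in a 250 EHLO reply (the first line is the server name)."""
    code, texts = parse_smtp_reply(raw)
    return {t.split()[0].upper() for t in texts[1:] if t} if code == 250 else set()

def classify_ehlo(raw):
    """Label an EHLO reply the way the diagnostics in the post did."""
    code, _ = parse_smtp_reply(raw)
    if code == 250:
        return "ok" if "STARTTLS" in ehlo_extensions(raw) else "starttls-missing"
    return "ehlo-rejected" if code in (500, 502, 503) else "unexpected"

def _read_reply(sock):
    """Read one complete SMTP reply, following 'NNN-' continuation lines."""
    data = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            break
        data += chunk
        if data.endswith(b"\r\n") and data.splitlines()[-1][3:4] != b"-":
            break
    return data.decode("ascii", "replace")

def probe(host, port=25, timeout=5):
    """Live check: connect, read the banner, send EHLO, classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        banner = _read_reply(s).strip()
        s.sendall(b"EHLO probe.invalid\r\n")
        reply = _read_reply(s)
        s.sendall(b"QUIT\r\n")
    return banner, classify_ehlo(reply), sorted(ehlo_extensions(reply))
```

Running probe() against your own server from inside and outside the network and comparing the banner and classification is the same check the post does by hand; a bare "220 ESMTP" banner and a "starttls-missing" result from the road, against a STARTTLS-advertising reply on the box itself, is the signature of an interposed port 25.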