How to Forge Email
First, make sure you've read the GTMHH
on how to forge email. Then, the only problem remaining will
be to find a vulnerable server. Here's how to find computers that
will let you forge email:
It turns out this is still
ridiculously easy, even if you use Windows 98. Just follow these
steps for Windows computers:
1) Get online with an Internet
Service Provider. Some online services do not give you true Internet
connections. If these instructions don't work, you probably need
to get a true Internet Service Provider.
2) Click start --> Programs
3) In the MSDOS window,
give the command "netstat -n". This will give you something
Proto Local Address Foreign Address State
TCP 38.29.999.187:1377 206.999.52.999:1088 ESTABLISHED
Save that first number.
4) Point your web browser
at http://www.ipswitch.com and download
"What's Up Gold."
5) Use it to scan all Internet
addresses for port 25 open on other people using the same Internet
Service Provider for dialup access. For example, I would scan
all numbers beginning with 38.29.999. Note that this number has
been fubarred (messed up beyond recognition) so use your own IP
numbers you discover with "netstat -n". Warning -- be
prepared to get kicked off your ISP for port scanning. While it
is legal in most places, it is rude and people will suspect you
of planing major computer crime.
5) The IP addresses with
port 25 running are often people using outdated Linux systems
and who don't know any better than to disable "relaying"
on their mail servers. While those people are online, you can
use their computers to forge email.
6) If you use Linux, and
you have sendmail installed, check to see if it's version 8.9
or above. If so, you're OK. If not, either upgrade or see http://www.sendmail.org/~ca/email
for instructions on how to prevent relaying.