Originally posted here by jdenny
[I'm definitely not a senior and may not stay up to date on vulns, but hey, here's my opinion.]

I think it's not something new. Spammers spoof the sender/reply-to address hoping their recepients won't find their real address. Good spammers do that hoping they can blame somebody else.

Also (D)DOSers craft their packets to target by spoofing the source address hoping the target won't know their real source address, and will send replies to the spoofed address (which is actually the REAL target).

Still the white paper is an interesting read...

Peace always,
<jdenny>
Hey Hey,

I total agree that the ideas themselves are not new, however this is the first time I've heard of combining the ideas. It's basically an email Smurf/Fraggle attack. I'd love to throw together some code for this, just for PoC purposes. I think that's how I'm going to spend my easter weekend. If anyone has any mail servers I can use for testing let me know.

Peace,
HT