Security Basics mailing list archives
Re: Loopholes in a proxy and smtp server
From: "Matt Coffman" <matt () binarybrain net>
Date: Wed, 13 Dec 2006 15:33:13 -0600
I appreciate your concerns but let me try and shed some light. I believe DNS stuff is running JavaScript to gather that information. What does that mean? The script is actually running client side on your proxy server. Don't think for one minute that their site is traversing the firewall to gather that information - simply not the case.
As far as your SMTP concern. Your mail server needs to communicate to SMTP servers sending to it if a email is valid or not. Some of my clients run a very popular firewall that enables them to run the SMTP security service. This will appear to accept any email intended for that domain but won't actually forward the mail on to the mail server. Another option is to install a SPAM server.
hope this helps. mc----- Original Message ----- From: "Niranjan Patil" <niranjan.patil () gmail com>
To: <security-basics () securityfocus com> Sent: Tuesday, December 12, 2006 11:09 PM Subject: Loopholes in a proxy and smtp server
Hi All, I have noticed two significant (well, I think it is) flaws in the design of one of the corporate proxy and SMTP servers I am consulting for. I googled for it and checked some RFC's too but couldn't get anything much helpful. Hope to get valuable info from you all. 1. The squid proxy is sending out its internal IP when forwarding the http requests to the outside world. I mean if the proxy's internal IP is 192.168.1.1 and its public IP is 1.1.1.1, it is sending both of them out to the Internet. To check this, you can open a site like www.dnsstuff.com, where it shows the public and private IP of your proxy (you need have one). I guess they are not using any scripts to check my IP. Even if they have used they could find my own machine's IP and not my proxy's. I am not sure how to harden the proxy for this particular flaw. 2. The SMTP servers listening for incoming mail on the Internet are also giving out valuable information. When queries are made to it, it accept connections only to a valid email id in its address book. I mean when we respond to its RCPT command with an email id, it checks and throws out a message as '[250 recipient <name () company com> ok]' for a valid id and '[Could not connect: Got an unknown RCPT TO response: 501 #5.1.1 bad address nonexistingname () company com]' for non existing email id and closes the connection. Using this anyone can get address book of all valid email ids of that firm, he/she may use a simple script too. I don't think this is normal, and need to address this soon. I checked out the popular free email providers like gmail, yahoo or hotmail, they accept connections for all email ids and then sends back a mailer daemon for invalid ids. Apologise for the long mail but appreciate any help. Regards, Niranjan --------------------------------------------------------------------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect ---------------------------------------------------------------------------
--------------------------------------------------------------------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect ---------------------------------------------------------------------------
Current thread:
- Loopholes in a proxy and smtp server Niranjan Patil (Dec 13)
- Re: Loopholes in a proxy and smtp server Matt Coffman (Dec 13)
- RE: Loopholes in a proxy and smtp server Murda Mcloud (Dec 14)
- Re: Loopholes in a proxy and smtp server Matt Coffman (Dec 14)
- RE: Loopholes in a proxy and smtp server Murda Mcloud (Dec 14)
- RE: Loopholes in a proxy and smtp server Murda Mcloud (Dec 14)
- Re: Loopholes in a proxy and smtp server Matt Coffman (Dec 13)
- Re: Loopholes in a proxy and smtp server MaddHatter (Dec 14)
- Re: Loopholes in a proxy and smtp server Devdas Bhagat (Dec 18)