Penetration Testing mailing list archives
Re: Avoiding Postfix Fingerprinting
From: Javier Fernandez-Sanguino <jfernandez () germinus com>
Date: Wed, 09 Mar 2005 11:03:33 +0100
Joachim Schipper wrote:> See postconf(5), under smtpd_banner. (I'm pretty sure Nessus just grabs
the banner; however, some more advanced fingerprinting is possible, if someone is very knowledgeable.)
Actually that won't fool it probably. That NASL script does much more than grabbing the banner, it actually sends some commands and reads the answers in order to determine the software used:
http://cvsweb.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plugins/scripts/smtpscan.nasl?content-type=text/plainTrying to fool this probably implies making some changes in the source code to behave differently. I don't believe it's worth it, best invest the time in making sure that a compromise through postfix is not possible (proper privilege separation, current version and bugfixes, etc)
Regards Javier
Current thread:
- Null Session Wbsony (Mar 07)
- Re: Null Session H D Moore (Mar 07)
- Avoiding Postfix Fingerprinting Isidro Labrador (Mar 08)
- Re: Avoiding Postfix Fingerprinting Joachim Schipper (Mar 08)
- Re: Avoiding Postfix Fingerprinting Javier Fernandez-Sanguino (Mar 09)
- Re: Avoiding Postfix Fingerprinting Olivier Fauchon (Mar 09)
- Re: Avoiding Postfix Fingerprinting Michel Arboi (Mar 10)
- Re: Avoiding Postfix Fingerprinting Michel Arboi (Mar 10)
- Avoiding Postfix Fingerprinting Isidro Labrador (Mar 08)
- Re: Null Session H D Moore (Mar 07)