Re: Re: mail server vulnerability

["Atilla Remote Support" <info () atilla dhs org>]

Hi Praveen.

Can you tell me how to disable telnet login to the 
smtp port?
I've got telnet daemon disabled on a server, but 
still I can telnet to port 25.
However this does not mean that people can do 
email relaying because the MTA takes care of that.
Also the banner name is changed so people can't 
see which mta and which version is running, it's 
stating a fake application and version number.

But I still would like how to block telnet access 
to port 25 on a linux machine (Centos 5.2).

Regards,

Richard.


----- Original Message ----- 
From: <praveen_recker () sify com>
To: <security-basics () securityfocus com>
Sent: Friday, February 20, 2009 4:37 PM
Subject: Re: Re: mail server vulnerability


> Hi Abhishek,
>
> You can try connecting to the SMTP server using 
> telnet,say
> c:/>telnet smtp_ip 25
> this should not be successful....so system 
> admins should block TELNET to SMTP servers. If 
> successful this gives u the banner. Based upon 
> version and vendor search for any exploits 
> available for free (refer milw0rm, metasploit 
> etc) if u have commercial tools(coreimpact, 
> saint etc) it's well and good.
> If u are good at Perl develop ur own script and 
> start sending attacks by changing USER names, 
> DOMAIN names etc to overly long strings, format 
> specifiers etc.
>
> Best Regards,
> Praveen Darshanam,
> Security Researcher,
> INDIA