Security Basics mailing list archives

Re: Re: mail server vulnerability


From: "Atilla Remote Support" <info () atilla dhs org>
Date: Fri, 20 Feb 2009 19:07:46 +0100

Yes, that's what I thought too.

However, I had installed Kerio mailserver once and 
I don't know how it was done, but manual telnet 
access was not possible and mailserver to 
mailserver access was.

Anyway, I wondered if it was possible to protect 
this because Praveen wrote it. Seemed strange to 
me too, but I'm not an expert so for me it's better 
to ask first. :)

Regards,
Richard.

----- Original Message ----- 
From: <greimer () fccc edu>
To: "Atilla Remote Support" <info () atilla dhs org>
Cc: <security-basics () securityfocus com>; 
<security-basics-return-51658 () securityfocus com>
Sent: Friday, February 20, 2009 7:00 PM
Subject: Re: Re: mail server vulnerability



But I still would like to know how to block telnet
access to port 25 on a Linux machine (CentOS 5.2).

     Email IS telnet to port 25, isn't it?

Yours,

(George) Kurt Reimer
Fox Chase Cancer Center


On Fri, 20 Feb 2009, Atilla Remote Support 
wrote:

Hi Praveen.

Can you tell me how to disable telnet login to the
SMTP port?
I've got telnet daemon disabled on a server, but
still I can telnet to port 25.
However, this does not mean that people can do
email relaying because the MTA takes care of that.
Also the banner name is changed so people can't
see which MTA and which version is running; it's
stating a fake application and version number.

But I still would like to know how to block telnet
access to port 25 on a Linux machine (CentOS 5.2).

Regards,

Richard.


----- Original Message -----
From: <praveen_recker () sify com>
To: <security-basics () securityfocus com>
Sent: Friday, February 20, 2009 4:37 PM
Subject: Re: Re: mail server vulnerability


Hi Abhishek,

You can try connecting to the SMTP server using
telnet, say
c:/>telnet smtp_ip 25
this should not be successful....so system
admins should block TELNET to SMTP servers. If
successful this gives you the banner. Based upon
version and vendor search for any exploits
available for free (refer milw0rm, metasploit
etc); if you have commercial tools (coreimpact,
saint etc) it's well and good.
If you are good at Perl, develop your own script
and start sending attacks by changing USER names,
DOMAIN names etc to overly long strings, format
specifiers etc.

Best Regards,
Praveen Darshanam,
Security Researcher,
INDIA
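Kurt's point in the thread above, that mail delivery is a plain-text dialogue over TCP port 25, shown as an added example that is not part of the original messages: a loopback listener records what it receives from a hand-typed session and from a mail library, and the two are identical. The banner, host names and helper function names are constructed for illustration.

```python
import smtplib
import socket
import threading

BANNER = b"220 mail.example.test ESMTP\r\n"  # constructed banner, not a real product

def serve_once(listener, seen):
    """Accept one client and record every command line the server receives."""
    conn, _ = listener.accept()
    with conn, conn.makefile("rb") as lines:
        conn.sendall(BANNER)
        for raw in lines:
            verb, _, arg = raw.decode("ascii", "replace").strip().partition(" ")
            seen.append((verb.upper(), arg))  # SMTP verbs are case-insensitive
            if verb.upper() == "QUIT":
                conn.sendall(b"221 bye\r\n")
                break
            conn.sendall(b"250 mail.example.test\r\n")

def observe(client):
    """Run client(host, port) against a fresh loopback listener; return what it saw."""
    seen = []
    with socket.socket() as listener:
        listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
        listener.listen(1)
        worker = threading.Thread(target=serve_once, args=(listener, seen), daemon=True)
        worker.start()
        client(*listener.getsockname())
        worker.join(timeout=5)
    return seen

def typed_by_hand(host, port):
    """What a person at a telnet prompt sends: plain lines over TCP."""
    with socket.create_connection((host, port), timeout=5) as s, s.makefile("rb") as reader:
        reader.readline()  # 220 banner
        for line in (b"EHLO client.example\r\n", b"QUIT\r\n"):
            s.sendall(line)
            reader.readline()  # server reply

def sent_by_mail_library(host, port):
    """The same dialogue produced by smtplib; QUIT is sent when the block exits."""
    with smtplib.SMTP(host, port, local_hostname="client.example", timeout=5) as smtp:
        smtp.ehlo()

if __name__ == "__main__":
    print("telnet-style:", observe(typed_by_hand))
    print("smtplib:     ", observe(sent_by_mail_library))
```

From the listener's side there is no field that says which program opened the connection, so any filtering has to key on something else, such as the source address or how the peer behaves.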







