Penetration Testing mailing list archives

Re: Avoiding Postfix Fingerprinting

From: Javier Fernandez-Sanguino <jfernandez () germinus com>
Date: Wed, 09 Mar 2005 11:03:33 +0100

Joachim Schipper wrote:

> See postconf(5), under smtpd_banner. (I'm pretty sure Nessus justgrabs

the banner; however, some more advanced fingerprinting is possible, if
someone is very knowledgeable.)

Actually that won't fool it probably. That NASL script does much morethan grabbing the banner, it actually sends some commands and readsthe answers in order to determine the software used:

http://cvsweb.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-plugins/scripts/smtpscan.nasl?content-type=text/plain

Trying to fool this probably implies making some changes in the sourcecode to behave differently. I don't believe it's worth it, best investthe time in making sure that a compromise through postfix is notpossible (proper privilege separation, current version and bugfixes, etc)


Regards

Javier

Current thread:

Null Session Wbsony (Mar 07)
- Re: Null Session H D Moore (Mar 07)
  - Avoiding Postfix Fingerprinting Isidro Labrador (Mar 08)
    - Re: Avoiding Postfix Fingerprinting Joachim Schipper (Mar 08)
    - Re: Avoiding Postfix Fingerprinting Javier Fernandez-Sanguino (Mar 09)
    - Re: Avoiding Postfix Fingerprinting Olivier Fauchon (Mar 09)
    - Re: Avoiding Postfix Fingerprinting Michel Arboi (Mar 10)
    - Re: Avoiding Postfix Fingerprinting Michel Arboi (Mar 10)