RE: [Full-Disclosure] Sidewinder G2

From: Perrymon, Josh L. (PerrymonJ_at_bek.com)
Date: 11/18/03

  • Next message: Brent J. Nordquist: "RE: [Full-Disclosure] Sidewinder G2"
    To: "'Valdis.Kletnieks@vt.edu'" <Valdis.Kletnieks@vt.edu>, "Perrymon, Josh L." <PerrymonJ@bek.com>
    Date: Tue, 18 Nov 2003 10:52:29 -0600
    
    

    So the PIX allows the 7 commands in RFC 821 section 4.5.1:
    DATA
    HELO
    MAIL
    NOOP
    QUIT
    RCPT
    RSET

    If a remote client sends ESMTP it converts it to a NOOP command and sends it
    to the firewall...
    And it also analyses the data payload and if it finds an invalid request it
    will remove the command or send a NOOP to the server.

    The PIX will respond with xxxx's in the SMTP version if you do a telnet...

    So it's a packet filter with application inspection... right..??

    -----Original Message-----
    From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]
    Sent: Tuesday, November 18, 2003 10:20 AM
    To: Perrymon, Josh L.
    Cc: full-disclosure@lists.netsys.com
    Subject: Re: [Full-Disclosure] Sidewinder G2

    On Tue, 18 Nov 2003 09:49:52 CST, "Perrymon, Josh L." said:
    > The Cisco PIX doesn't run the actual SMTP service. The problem would be in
    > the Fixup for the SMTP protocol.

    Hmm.. so we *don't* actually do SMTP, we merely screw with the bits in passing
    even more than an actual SMTP relay would do (as it would just slap on a
    Received: and keep going). It answers a SYN packet on port 25, it sends a
    distinctive '220 hello' reply different than what might be behind it, it
    accepts EHLO/MAIL FROM/RCPT TO/DATA/QUIT, it isn't merely tunneling packets to
    a server behind the firewall.

    Pedantic sophistry at its best. It's an SMTP server, guys. Looks like a duck,
    quacks like a duck, and slapping a "this is a Fixup not a Server" label on it
    isn't gonna remove the duck feathers.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
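
The command filtering described in the message above (seven RFC 821 commands allowed, anything else turned into a NOOP) can be modelled as a small state machine. This is an added example, not part of the original thread and not Cisco's code; the class and function names, the constructed sample session, and the unmodified pass-through of the message body are assumptions.

```python
# Toy model of an allowlist SMTP command filter, client-to-server direction.

# Minimum command set from RFC 821 section 4.5.1, as listed in the message.
ALLOWED = {"DATA", "HELO", "MAIL", "NOOP", "QUIT", "RCPT", "RSET"}


class SmtpCommandFilter:
    """Rewrites client lines one at a time (hypothetical helper)."""

    def __init__(self):
        self.in_data = False  # True while the client is sending a message body

    def filter_line(self, line: str) -> str:
        text = line.rstrip("\r\n")
        if self.in_data:
            # Body lines are not commands; a lone "." ends the body.
            # Assumption: the body itself is passed through unmodified.
            if text == ".":
                self.in_data = False
            return text + "\r\n"
        verb = text.split(" ", 1)[0].upper()  # SMTP verbs are case-insensitive
        if verb not in ALLOWED:
            # Anything outside the allowlist (EHLO, VRFY, ...) becomes a NOOP.
            return "NOOP\r\n"
        if verb == "DATA":
            # Assumption: the server answers 354, so the body follows.
            self.in_data = True
        return text + "\r\n"


def filter_session(lines):
    """Run a whole client session through one filter instance."""
    flt = SmtpCommandFilter()
    return [flt.filter_line(line) for line in lines]


# Constructed sample session (client side only).
SAMPLE = [
    "EHLO client.example\r\n",
    "HELO client.example\r\n",
    "MAIL FROM:<a@example.com>\r\n",
    "RCPT TO:<b@example.com>\r\n",
    "VRFY root\r\n",
    "DATA\r\n",
    "EHLO is just body text here\r\n",
    ".\r\n",
    "quit\r\n",
]

if __name__ == "__main__":
    for before, after in zip(SAMPLE, filter_session(SAMPLE)):
        print(f"{before.strip():35} -> {after.strip()}")
```

The state flag matters: without it, a body line that happens to start with a non-allowlisted verb would be rewritten and the delivered message corrupted.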

