Re: Misc. Barracuda service stuff

[Kris Katterjohn <katterjohn () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey Brandon (and everyone),

Brandon Enright wrote:
| We have a bunch of Barracuda "Spam Firewall" products on campus
| (http://www.barracudanetworks.com/ns/products/spam_overview.php).
<snip>
|
| Also, the SMTP services aren't currently recognized and their banner is
| always some variation of:
|
| ^220\x20some.host.name\x20ESMTP\x20\(32_hex_digits\)
|
| Here is one of the hex strings: 504a23141b4a41b5b4e49d39ff99a051
|
| I suspect the hex string relates to the firmware version but I haven't
| been able to verify that.
|

My first thought when I saw the 32 hex digits was some kind of hash;
however, I couldn't think of any good reason on why a banner would need
one.  Plus, if you think it involves the firmware version then it must
stay the same... and what's the point of a never-changing hash in a
welcome banner?

I started looking around (because I became very curious) and I think I
may have found something out about it.  Page 43 of this User's Guide [1]
mentions a setting for "SMTP Welcome Banner", which of course controls
the banner.  It also says it must be unique across the network.  If this
option is left blank, then Barracuda will manage it.. and that makes me
think it generates a big, random number and sticks it in the banner so
that it's unique.

Whether or not this is the case, I don't know; I could be looking at a
guide for a completely different product.  One thing that makes me feel
this way is the fact that the User's Guide at barracudanetworks.com [2]
(with a newer year) doesn't have this "SMTP Welcome Banner" option in
it.  These two user's guides are very different, so I don't know what to
think about them.

Since I have no definite answers, hopefully this will at least lead you
in the right direction.

|
| Brandon
|

Thanks,
Kris Katterjohn

[1] http://www.symtrex.com/pdfdocs/barracuda_ug_final.pdf
[2] http://www.barracudanetworks.com/ns/downloads/barracuda_usersguide.pdf

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBR9CP2P9K37xXYl36AQLFNA/+NIDPP9hVbDQOZsxsMvRzWGpKEy4xbg6m
4pxiFhDltTn/OPJSUY83ADkbp8BCKeHN7Tb3TGkxL+7QrskErbKt/UDyCxFd86Ze
8IZ8UbPmQnvbj0AM1oFxjlv4ha3BX/Vub5c5wwJp9XkiWiVy6ZpILtTTPUYsYeIt
hfRcvUStQyNsCmTCBcCzSKsZmPOU0TJS4K4Y9K6oFT0xIRgGAHzz5ipOXzGVPB5j
xVeNAzBGlS0NXYUT6+2N2THzs99LeF+9bLDLDnZw9gy9e3kd43iZ9hA0FL0bmypo
NLD6etVKcfKoaxlNCPqrM2wyLAxcSkwTH4c7qeTX3T+thb1k0ppfHnp/hjjZ6H0y
ECFZuX42fY3W67mN6Jgee1HU8Zv4bUl8cSwyVEzkg9wYWNs4lOoPRLawN+zNtfd7
dX4tg0Djr82FtdXZ8dE0iJLysZdT9t6yjgnqVWQU0GiBx3SK+mo1ojB3TolUCjY4
dX1j546HBRMVK0RKZT1LL1DJLfP7FS6j1cbJ8DFI+OsX/xXk/bTfLVk7a+vspUY+
SNhM0/dxfOo2AMdJBMsCN3tHFsNHl3siVDrVRrxOsShYcf7AtvkrNcMULbX7k0tH
Ezlq4xTGYXASPVzftvwbXTudbEohgfjOJFeAkwUJO6s5n+M1niz3H8hbXsYIuTXC
NYBvEuyJTYA=
=vfpU
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org