Nmap Development mailing list archives
Re: Misc. Barracuda service stuff
From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 06 Mar 2008 18:44:09 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey Brandon (and everyone), Brandon Enright wrote: | We have a bunch of Barracuda "Spam Firewall" products on campus | (http://www.barracudanetworks.com/ns/products/spam_overview.php). <snip> | | Also, the SMTP services aren't currently recognized and their banner is | always some variation of: | | ^220\x20some.host.name\x20ESMTP\x20\(32_hex_digits\) | | Here is one of the hex strings: 504a23141b4a41b5b4e49d39ff99a051 | | I suspect the hex string relates to the firmware version but I haven't | been able to verify that. | My first thought when I saw the 32 hex digits was some kind of hash; however, I couldn't think of any good reason on why a banner would need one. Plus, if you think it involves the firmware version then it must stay the same... and what's the point of a never-changing hash in a welcome banner? I started looking around (because I became very curious) and I think I may have found something out about it. Page 43 of this User's Guide [1] mentions a setting for "SMTP Welcome Banner", which of course controls the banner. It also says it must be unique across the network. If this option is left blank, then Barracuda will manage it.. and that makes me think it generates a big, random number and sticks it in the banner so that it's unique. Whether or not this is the case, I don't know; I could be looking at a guide for a completely different product. One thing that makes me feel this way is the fact that the User's Guide at barracudanetworks.com [2] (with a newer year) doesn't have this "SMTP Welcome Banner" option in it. These two user's guides are very different, so I don't know what to think about them. Since I have no definite answers, hopefully this will at least lead you in the right direction. | | Brandon | Thanks, Kris Katterjohn [1] http://www.symtrex.com/pdfdocs/barracuda_ug_final.pdf [2] http://www.barracudanetworks.com/ns/downloads/barracuda_usersguide.pdf -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBR9CP2P9K37xXYl36AQLFNA/+NIDPP9hVbDQOZsxsMvRzWGpKEy4xbg6m 4pxiFhDltTn/OPJSUY83ADkbp8BCKeHN7Tb3TGkxL+7QrskErbKt/UDyCxFd86Ze 8IZ8UbPmQnvbj0AM1oFxjlv4ha3BX/Vub5c5wwJp9XkiWiVy6ZpILtTTPUYsYeIt hfRcvUStQyNsCmTCBcCzSKsZmPOU0TJS4K4Y9K6oFT0xIRgGAHzz5ipOXzGVPB5j xVeNAzBGlS0NXYUT6+2N2THzs99LeF+9bLDLDnZw9gy9e3kd43iZ9hA0FL0bmypo NLD6etVKcfKoaxlNCPqrM2wyLAxcSkwTH4c7qeTX3T+thb1k0ppfHnp/hjjZ6H0y ECFZuX42fY3W67mN6Jgee1HU8Zv4bUl8cSwyVEzkg9wYWNs4lOoPRLawN+zNtfd7 dX4tg0Djr82FtdXZ8dE0iJLysZdT9t6yjgnqVWQU0GiBx3SK+mo1ojB3TolUCjY4 dX1j546HBRMVK0RKZT1LL1DJLfP7FS6j1cbJ8DFI+OsX/xXk/bTfLVk7a+vspUY+ SNhM0/dxfOo2AMdJBMsCN3tHFsNHl3siVDrVRrxOsShYcf7AtvkrNcMULbX7k0tH Ezlq4xTGYXASPVzftvwbXTudbEohgfjOJFeAkwUJO6s5n+M1niz3H8hbXsYIuTXC NYBvEuyJTYA= =vfpU -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Misc. Barracuda service stuff Brandon Enright (Mar 06)
- Re: Misc. Barracuda service stuff Kris Katterjohn (Mar 06)