Penetration Testing mailing list archives
RE: TELNET and SMTP
From: "Levenglick, Jeff" <JLevenglick () fhlbatl com>
Date: Mon, 9 Jul 2007 09:07:40 -0400
Thomas, Why would you close port 25? Silly statement. Why is everybody thinking that port 25 is unprotected when he got the 'standard' 553:no relay message? Someone at least turned on a few relay options on the mail configuration. (which is better then an open relay) Btw.. Open relay would have been the correct term to use if he could have sent an email instead of getting the no relay. (assuming that he forged the from field..ect) Best thing for him is to go to www.sendmail.org and read the FAQ's for relay. To be honest, I was worried about this statement: "2)What purpose do you believe that the SMTP
service provides? Does the SMTP simply recieve!?!? Thank you all,
Zach" If he is passing himself off to a company as an experienced security person and he does not know something simple as SMTP then I think he needs to move on to something else. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Thomas W Shinder Sent: Saturday, July 07, 2007 7:41 PM To: pen-test () securityfocus com Cc: Deus, Attonbitus; Greg Mulholland; jim () isatools org; Steve Moffat Subject: RE: TELNET and SMTP An unprotected port? You need to be very careful because "port attackers" and do awful things to ports. That's why we do "port scans" to look for "ports" we can take advantage of. That's why we have "hardware" firewalls, because they allow us to "open" and "close" "ports". Let the software guyz worry about any services might be located behind those "ports" -- remember the "hardware" firewalls will protect our "ports"! NOT. Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- Microsoft Firewalls (ISA)
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of wymerzp () sbu edu Sent: Saturday, July 07, 2007 7:31 AM To: pen-test () securityfocus com Subject: TELNET and SMTP Hello all, I'm looking at a client's site and they have unprotected access to port 25 (i.e. I can telnet to it and issue commands). When I attempt to send an email I get this message '553 Relaying is not supported'. My question is two-fold: 1)What could I do with the unprotected SMTP access if I can't send mail. 2)What purpose do you believe that the SMTP service provides? Does the SMTP simply recieve!?!? Thank you all, Zach -------------------------------------------------------------- ---------- This List Sponsored by: Cenzic Swap Out your SPI or Watchfire app sec solution for Cenzic's robust, accurate risk assessment and management solution FREE - limited Time Offer http://www.cenzic.com/wf-spi -------------------------------------------------------------- ----------
------------------------------------------------------------------------ This List Sponsored by: Cenzic Swap Out your SPI or Watchfire app sec solution for Cenzic's robust, accurate risk assessment and management solution FREE - limited Time Offer http://www.cenzic.com/wf-spi ------------------------------------------------------------------------ ----------------------------------------- This e-mail message is private and may contain confidential or privileged information. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Swap Out your SPI or Watchfire app sec solution for Cenzic's robust, accurate risk assessment and management solution FREE - limited Time Offer http://www.cenzic.com/wf-spi ------------------------------------------------------------------------
Current thread:
- TELNET and SMTP wymerzp (Jul 07)
- RE: TELNET and SMTP Shenk, Jerry A (Jul 07)
- Re: TELNET and SMTP StaticRez (Jul 07)
- Re: TELNET and SMTP Marco Ivaldi (Jul 09)
- Re: TELNET and SMTP Hans-J. Ullrich (Jul 07)
- Re: TELNET and SMTP rajat swarup (Jul 07)
- RE: TELNET and SMTP Richard Lane (Jul 08)
- Re: TELNET and SMTP A. Tom McFrog (Jul 08)
- Re: TELNET and SMTP AdamT (Jul 08)
- <Possible follow-ups>
- RE: TELNET and SMTP Thomas W Shinder (Jul 07)
- RE: TELNET and SMTP Levenglick, Jeff (Jul 09)
- RE: TELNET and SMTP Russell Butturini (Jul 09)
- RE: TELNET and SMTP Levenglick, Jeff (Jul 09)
- Re: TELNET and SMTP Levenglick, Jeff (Jul 08)