Vulnerability Development mailing list archives
RE: pop3 exploit????
From: Simon Thornton <simon.thornton () swift com>
Date: Thu, 18 Oct 2001 12:33:53 +0200
Hi Leon, The most likely explanation is that the service is 'wrapped' using something like TCPD/XINETD and has an access list that excludes remote connections (or at least yours). The wrapper validates the access list first and if denied, drops the connection, the actual service daemon is not launched in this case, hence no banner. Some sysadmins also "booby-trap" the deny phase so that it gathers additional info about the system connecting (running finger, dig, rusers, queso and mails the results to them). If you have access to a Linux box, have a look in /etc/inetd.conf and see if you have any tcpd entries similar to the following: ftp stream tcp nowait root /usr/sbin/tcpd wu.ftpd -a The rules are held in /etc/hosts.allow and /etc/hosts.deny xinetd, which is a nice replacement for inetd, incorporates the functionality of tcpd into the daemon and the access rules into /etc/xinetd.conf. There isn't anything you can "do" as such, service wrapping is designed as another layer in the security model to keep out unwanted users and provide an audit trail for service exection. Rgds, Simon -----Original Message----- From: leon [mailto:leon () inyc com] Sent: Tuesday, October 16, 2001 21:20 To: theog () yoda dnsq org; 'John Thornton' Cc: vuln-dev () securityfocus com Subject: RE: pop3 exploit???? Ok. I have to apologize to everyone. I was being a bonehead (what else is new?). I was using super scanner and it would report 110 was open and guess it was pop3. But riddle me this batman(and woman) why is it when I try to telnet to the offending ip's that I connect but get no banner and after about 15 seconds it tells me connection lost.
Current thread:
- pop3 exploit???? leon (Oct 14)
- Re: pop3 exploit???? Kaneda Akira (Oct 14)
- Re: pop3 exploit???? John Thornton (Oct 15)
- Re: pop3 exploit???? theog (Oct 17)
- RE: pop3 exploit???? leon (Oct 17)
- Re: pop3 exploit???? Brian O'Berry (Oct 17)
- Re: pop3 exploit???? Edward Wong Hau Pepelu Tivrusky the 4th (Oct 17)
- RE: pop3 exploit???? Robert McGinnis (Oct 17)
- RE: pop3 exploit???? Kaneda Akira (Oct 17)
- RE: pop3 exploit???? leon (Oct 17)
- Re: pop3 exploit???? theog (Oct 17)
- RE: pop3 exploit???? Simon Thornton (Oct 18)
- <Possible follow-ups>
- Re: pop3 exploit???? dan . ellis (Oct 15)