"220 <myservername.mydomain.com> GroupWise Internet Agent 6.5.1 Copyright
(c) 1993-2003 Novell, Inc. All rights reserved. Ready"
they are suggesting that we not give a potential attacker any more
information than we need to, and try and modify the greeting so it says
something like:
"220 SMTP READY"
Is there any way that this can be modified? I looked for files and TIDs and
came up blank.
Thanks,
Richard Warwick
"Richard Warwick" <richard...@altertrading.nospam.com> wrote in message
news:1FZRb.2461$Wh....@prv-forum2.provo.novell.com...
> I believe it is on the wish list.
Correct
Uwe
--
Novell Support Connection Volunteer SysOp
Please don't send me support related e-mail unless I ask you to do so.
--
He Wakes up at night screaming "Take out Pedro! Take out Pedro!" Ha Ha!
> since groupwise 4.1 I believe ;o)
LOL! Yeah...
http://support.novell.com/enhancement
But I guess you've been there already <G>
DO NOT EVEN _THINK_ OF TRYING THIS UNLESS YOU ARE INTIMATELY FAMILIAR
WITH THE WAY YOUR SYSTEM OPERATES AND PERFORMS ON A MINUTE BY MINUTE
BASIS.
THIS IS NOT ENDORSED BY NOVELL IN ANY MANNER WHATSOEVER & MIGHT CRASH
YOUR SYSTEM IN WAYS THAT ARE UNPREDICTABLE AND QUITE POSSIBLY UN-REPAIRABLE!
THE SENDER OF THIS E-MAIL MESSAGE ( me! ) IS IN NO WAY, SHAPE OR FORM
RESPONSIBLE FOR ANYTHING YOU DO TO YOUR SYSTEM BASED ON THE INFORMATION
CONTAINED HEREIN.
YOU HAVE BEEN WARNED!
WARNING * WARNING * WARNING * WARNING * WARNING * WARNING * WARNING
>>>> Now that I have said that... <<<<
To make your GWIA respond with "220 SMTP Ready" instead of all that
other stuff take the following steps:
1. Make at LEAST one (1) backup copy of GWIA.NLM
2. Get out your favorite >> HEX << editor ( if you don't know what this
is, STOP NOW - GO NO FURTHER! You CANNOT do this with Word, Wordpad, or
any other MS-Office product!!!) I personally recommend UltraEdit-32 but
if you have one you like in particular and are confident with it, use
it. If you have been around long enough to remember how to use DEBUG to
edit a BINARY file, use that if you like, just remember about the 0x100
offset!
3. Open GWIA.NLM in the editor.
4. For GWIA 6.5.0, find offset 0x166062; in other versions you must
search for the string "220 %s GroupWise" without the quotes. The entire
string that is in the NLM is as follows:
220 %s GroupWise Internet Agent 6.5.0 Copyright (c) 1993-2002 Novell,
Inc. All rights Reserved. Ready
This will correspond to the following HEX values:
00 00 32 32 30 20 25 73 20 47 72 6F 75 70 57 69
73 65 20 49 6E 74 65 72 6E 65 74 20 41 67 65 6E
74 20 36 2E 35 2E 30 20 20 43 6F 70 79 72 69 67
68 74 20 28 63 29 20 31 39 39 33 2D 32 30 30 32
20 4E 6F 76 65 6C 6C 2C 20 49 6E 63 2E 20 20 41
6C 6C 20 72 69 67 68 74 73 20 72 65 73 65 72 76
65 64 2E 20 52 65 61 64 79 0D 0A 00 00 00 46 52
NOTE: What you see for a version number and a copyright year will be
different but it should be substantially the same as illustrated.
5. Change what the GWIA transmits upon someone opening a session. As
you can see, the hex digits 00 precede and succeed the statement as
outlined. The leading 0x00 immediately before "220" is the start of the
string fed to the standard C call printf() and its likenesses. The
trailing 0x00's indicate the end of the string because C uses NULL
terminated strings. The %s tells printf() that some string argument is
being passed to it. So in the actual code it is more than likely:
printf("220 %s GroupWise Internet Agent 6.5.0 Copyright (c) 1993-2002 Novell, Inc. All rights Reserved. Ready", System.Domain.Name);
So what you want to do is remove the string being fed to the function.
You can either truncate it by placing a hex 0x00 where you want it to
stop but the best way is to null out the entire string. So when you're
done it should look as follows:
220 SMTP Ready
This will correspond to the following HEX values:
00 00 32 32 30 20 53 4D 54 50 20 52 45 41 44 59
0D 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 46 52
6. Press the SAVE button.
7. Shutdown the GWIA & Re-Load.
8. It should now respond, "220 SMTP Ready" when you telnet in on port 25.
WARNING * WARNING * WARNING * WARNING * WARNING * WARNING * WARNING
DO NOT EVEN _THINK_ OF TRYING THIS UNLESS YOU ARE INTIMATELY FAMILIAR
WITH THE WAY YOUR SYSTEM OPERATES AND PERFORMS ON A MINUTE BY MINUTE
BASIS.
THIS IS NOT ENDORSED BY NOVELL IN ANY MANNER WHATSOEVER & MIGHT CRASH
YOUR SYSTEM IN WAYS THAT ARE UNPREDICTABLE AND QUITE POSSIBLY UN-REPAIRABLE!
THE SENDER OF THIS E-MAIL MESSAGE ( me! ) IS IN NO WAY, SHAPE OR FORM
RESPONSIBLE FOR ANYTHING YOU DO TO YOUR SYSTEM BASED ON THE INFORMATION
CONTAINED HEREIN.
YOU HAVE BEEN WARNED!
WARNING * WARNING * WARNING * WARNING * WARNING * WARNING * WARNING
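The same-length overwrite from steps 4 to 6 above, done by script on a workstation copy of the file instead of by hand in a hex editor (an added example, not from the original post or from Novell). The function names, the ".orig" backup suffix and the embedded sample bytes, rebuilt from the post's "before" hex dump, are assumptions of this example.

```python
import shutil
from pathlib import Path

MARKER = b"220 %s GroupWise"        # search string given in step 4 of the post
NEW_BANNER = b"220 SMTP READY\r\n"  # replacement bytes from the post's "after" dump


def patch_banner(image: bytes, marker: bytes = MARKER,
                 new: bytes = NEW_BANNER) -> bytes:
    """Overwrite the NUL-terminated string that starts at `marker`.

    The result has exactly the same length as the input, so every byte
    after the string keeps its original file offset.
    """
    start = image.find(marker)
    if start < 0:
        raise ValueError("marker not found: wrong file or already patched")
    if image.find(marker, start + 1) >= 0:
        raise ValueError("marker occurs more than once: refusing to guess")
    end = image.index(b"\x00", start)  # a C string ends at its first NUL
    if len(new) > end - start:
        raise ValueError("replacement is longer than the original string")
    # Null out the rest of the old string instead of only truncating it.
    patched = image[:start] + new.ljust(end - start, b"\x00") + image[end:]
    if len(patched) != len(image):
        raise RuntimeError("length changed: patch aborted")
    return patched


def patch_file(path: Path) -> Path:
    """Patch `path` in place and return the path of the backup copy."""
    # Patch in memory first: if the marker is missing, nothing on disk changes
    # and an existing good backup is never overwritten.
    patched = patch_banner(path.read_bytes())
    backup = path.with_name(path.name + ".orig")  # hypothetical naming choice
    shutil.copy2(path, backup)                    # step 1: keep a backup
    path.write_bytes(patched)
    return backup


# Constructed sample: the 112-byte region shown in the post's "before" dump.
SAMPLE = (b"\x00\x00220 %s GroupWise Internet Agent 6.5.0  Copyright (c) "
          b"1993-2002 Novell, Inc.  All rights reserved. Ready\r\n\x00\x00\x00FR")

if __name__ == "__main__":
    print(patch_banner(SAMPLE).hex(" "))
```

Running it on SAMPLE reproduces the post's "after" dump byte for byte; a second run on an already patched file stops with "marker not found" before touching the backup.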
This works, if you know what you're doing.
But what's wrong with reporting version and system?
Even Novell does that:
220 olympus.novell.com GWGuardian ESMTP Receiver Version 3.0.283.0
Ready
Kind regards,
Arjan
>But what's wrong with reporting version and system?
The downside of reporting product and version is that an intruder has
information of your system, which saves him time. He can directly get
to the possible vulnerabilities of your system. I can also imagine
that there are scanners around to find particular products/versions.
By replacing the greeting, these scanners just go to the neighbor....
regards -Frank Korpershoek-
:Korpershoek Networking:
:tel +31 15 2130034:mob +31 6 55730822:fax +31 15 2124278:
Tim Wohlford, CNE
"Frank Korpershoek" <novsupport...@THISOUTkorpershoek.net> wrote in
message news:m49k10p04vvuuokbu...@4ax.com...