From: PerrymonJ at bek.com (Perrymon, Josh L.)
Subject: Sidewinder G2 

So the PIX allows the 7 commands in RFC 821 section 4.5.1--
DATA
HELO
MAIL
NOOP
QUIT
RCPT
RSET

If a remote client sends ESMTP it converts it to a NOOP command and sends it to the firewall...
And it also analyses the data payload and if it finds an invalid request it will remove the command or send a NOOP to the server.

The PIX will respond with xxxx's in the SMTP version if you do a telnet...

So it's a packet filter with application inspection...  right..??


-----Original Message-----
From: Valdis.Kletnieks@...edu [mailto:Valdis.Kletnieks@...edu]
Sent: Tuesday, November 18, 2003 10:20 AM
To: Perrymon, Josh L.
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Sidewinder G2 


On Tue, 18 Nov 2003 09:49:52 CST, "Perrymon, Josh L." said:
> The cisco PIX doesn't run the actual SMTP service. The problem would be in
> the Fixup for the SMTP protocol.

Hmm.. so we *don't* actually do SMTP, we merely screw with the bits in passing
even more than an actual SMTP relay would do (as it would just slap on a
Received: and keep going).  It answers a SYN packet on port 25, it sends a
distinctive '220 hello' reply different than what might be behind it, it
accepts EHLO/MAIL FROM/RCPT TO/DATA/QUIT, it isn't merely tunneling packets to
a server behind the firewall.

Pedantic sophistry at its best.  It's an SMTP server, guys. Looks like a duck,
quacks like a duck, and slapping a "this is a Fixup not a Server" label on it
isn't gonna remove the duck feathers.
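
The command allow-listing described in the reply at the top of this thread, as an added example that is not part of either message and is not Cisco's code: a filter that forwards only the seven RFC 821 section 4.5.1 verbs and rewrites anything else to NOOP. It assumes EHLO is the "ESMTP" command meant there and that the server accepts DATA; `filter_smtp` and the session lines are constructed for illustration.

```python
# Added illustration of the behaviour as described in the message; not vendor code.
# The seven verbs listed in the message (RFC 821 section 4.5.1 minimum set).
ALLOWED = {"DATA", "HELO", "MAIL", "NOOP", "QUIT", "RCPT", "RSET"}


def filter_smtp(lines):
    """Filter a client-to-server SMTP line stream (lines without CRLF).

    Returns (forwarded_lines, rewritten_verbs). Verbs outside ALLOWED are
    replaced by NOOP. After DATA, lines are message body and pass through
    untouched until the lone "." terminator (assumption: the server
    answered DATA with 354).
    """
    forwarded, rewritten = [], []
    in_body = False
    for line in lines:
        if in_body:
            forwarded.append(line)
            if line == ".":          # end of message body
                in_body = False
            continue
        verb = line.split(" ", 1)[0].upper()
        if verb in ALLOWED:
            forwarded.append(line)
            if verb == "DATA":
                in_body = True
        else:
            forwarded.append("NOOP")  # server never sees the original verb
            rewritten.append(verb)
    return forwarded, rewritten


# Constructed sample session.
SESSION = [
    "EHLO client.example",
    "HELO client.example",
    "MAIL FROM:<a@example.org>",
    "RCPT TO:<b@example.net>",
    "VRFY root",
    "DATA",
    "Subject: test",
    "EXPN in the body is text, not a command",
    ".",
    "STARTTLS",
    "QUIT",
]

if __name__ == "__main__":
    for sent, seen in zip(SESSION, filter_smtp(SESSION)[0]):
        print(f"{sent!r:45} -> {seen!r}")
```
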

