RE: SMTP Survey

From: Michael Burns (mburns@sp-uk.com)
Date: Thu Oct 09 2003 - 04:54:37 EDT


Re-sent as I accidentally sent to an individual :-s

We've been working with Vigilante for a while now, the scan is very
thorough, fast and importantly it is accurate. However, it is commercial
and a tad on the expensive side, well that is, if you are looking for a
free tool ;) I have used nmap and similar tools and find them excellent
tools, especially considering the price :)

You can do manual checks on the smtp service to check if you can relay
or not, however, you can also use something like http://www.ordb.org/
which I have only really used the one. The downside to this is that if
you are an open relay it does record and publicise the fact.

Mike

-----Original Message-----
From: Michael Coulter [mailto:mjc@bitz.ca]
Sent: 07 October 2003 08:40
To: ajwhitaker@excite.com
Cc: pen-test@securityfocus.com
Subject: Re: SMTP Survey

On Sat, Oct 04, 2003 at 12:03:25PM -0400, ajwhitaker@excite.com wrote:

> What tools / techniques / scripts do you use when testing against port
25?
> Currently I just test for mail-relay, but I'm wondering what other
tests/tools
> are used.

Others have already mentioned a few fingerprinting tools.
However they have missed my two favourites thus far.

thc-vmap available at http://www.thc.org/

nmap using "-sV".

This service fingerprinting feature was added recently, and new
fingerprints are coming in all the time. You may need to update
to use this feature, and will definitely want to update to get
a more comprehensive fingerprint database.

------------------------------------------------------------------------

---
Tired of constantly searching the web for the latest exploits?
Tired of using 300 different tools to do one job?
Get CORE IMPACT and get some rest.
www.coresecurity.com/promos/sf_ept2
------------------------------------------------------------------------
----
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************
---------------------------------------------------------------------------
Tired of constantly searching the web for the latest exploits?
Tired of using 300 different tools to do one job?
Get CORE IMPACT and get some rest.
www.coresecurity.com/promos/sf_ept2
----------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:41 EDT