RE: Identify the make and model of a Mail Server

From: Bob Radvanovsky (rsradvan@unixworks.net)
Date: Sun Feb 05 2006 - 12:52:47 EST


Actually, NMAP offers a decent method of identification on TWO factors: (1) identify the software running on the target server (if applicable), and (2) identify the version of the software.

The parameters are: nmap -A -T4 -F <target hostname or IP address>

If the site is blocking ICMP, try it with the "-P0" option.

Bob Radvanovsky, CISM, CIFI, REM, CIPS
"knowledge squared is information shared"
rsradvan (at) unixworks.net | infracritical.com | ehealthgrid.com
(630) 673-7740 | (412) 774-0373 (fax)

*** DISCLAIMER NOTICE ***
This electronic mail ("e-mail") message, including any and/or all attachments, is for the sole use of the intended recipient(s), and may contain confidential and/or privileged information, pertaining to business conducted under the direction and supervision of Bob Radvanovsky and/or his affiliates, as well as is the property of Bob Radvanovsky and/or his affiliates, or otherwise protected from disclosure. All electronic mail messages, which may have been established as expressed views and/or opinions (stated either within the electronic mail message or any of its attachments), are left at the sole discretion and responsibility of that of the sender, and are not necessarily attributed to Bob Radvanovsky. Unauthorized interception, review, use, disclosure or distribution of any such information contained within this electronic mail message and/or its attachment(s), is(are) strictly prohibited. As this e-mail may be legally privileged and/or confidential and is intended only for the use of the addressee(s),
no addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance upon the information herein is strictly prohibited. If you have received this communication in error, please notify the sender immediately, followed by the deletion of this or any related message.

----- Original Message -----
From: Joseph Jenkins [mailto:maillist@breathe-underwater.com]
To: pen-test@securityfocus.com
Subject: RE: Identify the make and model of a Mail Server

> When you telnet into port 25 on most smtp servers it will tell you what it
> is even if it is behind a firewall. The firewall will pass the traffic
> directly into the server. For example if someone has put their domino
> server out onto the internet, when you telnet into port 25 it will tell you
> the version of Domino server that is running. Also while most admins will
> use the generic mail.xxxx.xxx in their DNS records, the smtp server will
> tell you what it's true name is. This can either give you a clue as to what
> software the server is running or it can even tell you the naming scheme the
> company uses.
>
> Hope it helps.
>
> -----Original Message-----
> From: Doug Fox [mailto:dfox168@hotmail.com]
> Sent: Wednesday, February 01, 2006 8:30 AM
> To: pen-test@securityfocus.com
> Subject: Identify the make and model of a Mail Server
>
> One can use NetCraft (www.netcraft.com) to identify a web server if it is
> Appache, IIS, etc.
>
> How can one identify a mail server behind a firewall, be it Exchange,
> GroupWise, or Lotus Notes?
>
> nmap or nessus helps identify if a mail server is available through tcp port
>
> 25.
>
> Any info is much appreciated!
>
> Regards,
>
> DF
>
> ----------------------------------------------------------------------------
> --
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
>
> futile against web application hacking. Check your website for
> vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before hackers
> do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> ----------------------------------------------------------------------------
> ---
>
>
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
>
> futile against web application hacking. Check your website for
> vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before hackers
> do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>
>

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:26 EDT