From: Michael Gargiullo (mgargiullo@pvtpt.com)
Date: Wed Feb 08 2006 - 22:24:03 EST
-----Original Message-----
From: Doug Fox [mailto:dfox168@hotmail.com]
Sent: Friday, February 03, 2006 9:04 AM
To: pen-test@securityfocus.com; incidents@securityfocus.com;
forensics@securityfocus.com
Subject: Identification of a Mail Server
One can use NetCraft (www.netcraft.com) to identify a web server if it
is
Appache, IIS, etc.
How can one identify a mail server behind a firewall, be it Exchange,
GroupWise, or Lotus Notes?
nmap or nessus helps identify if a mail server is available through tcp
port
25.
Any info is much appreciated!
Regards,
DF
--------
Doug,
You will only be able to identify a mail server that you can access.
Your only other option could come from any message headers you have
received from the mail server.
One of my jobs as a security admin is to make it as difficult as
possible for you to identify any service I run.
I also have mail servers that have no internet presence. They pull mail
in, then use a smart host for sending. They're a ghost, you'd never know
they're out there unless you inspect the headers. Even then you still
can't access it.
(Look at the headers in this message)
Good luck on your hunt.
-Mike
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:28 EDT