On 16-Apr-2002, Priscilla Oppenheimer wrote:
> When people Telnet to SMTP server, what do they then do? Do they manually 
> send the normal SMTP commands? Sorry, if that's a dumb question, but I'm 
> just trying to figure out the situation.

I've used it commonly when I have DNS problems, or when the site I'm
sending to has DNS problems.

HELO rip.ops.neosoft.com
MAIL FROM: 
RCPT TO: 
DATA
Subject: DNS problem for whitehouse.gov
Al Gore's invention has broken. Please fix your DNS server.
Andrew
 
> If they are not Telnetting in order to send ordinary SMTP commands (HELO, 
> RSET, RCPT, DATA, etc). then of course, you could recognize them because by
> what they aren't doing.

Possible dangers from a socket connection to your SMTP server would be:

SYN attack -    not detectable by IDS due to the fact that the only packet
                available for inspection is the initial bogus SYN and
                thus preventable by a SYN gateway such as Checkpoint.

Program vulnerability attacks -
                patch your SMTP daemon

Spammers -      Prevent relaying and block at the IP level when detected or
                code in detection of excessive destinations by untrusted
                senders.
                
Someone telnetting to port 25 and issuing non-ordinary SMTP commands shouldn't
cause you any problems. If it does, patch or replace your SMTP daemon.

> Let's say they are sending ordinary SMTP commands. Would it be possible 
> then to recognize this by the timing? Even the fastest typist can't send 
> those commands as fast as e-mail software can.

Since an SMTP daemon won't negotiate telnet terminal characteristics (such
as character mode vs line mode), you would only get a line of text at
a time. You can't tell the difference between a telnet session with
someone typing by hand and hitting enter vs a congested or slow connection
until you got to the actual mail body where they would be sending multiple
lines of text in a single packet. The situations where you could detect that
and actually have some benefit by preventing that are minuscule at best.

> That's my $0.00000010. Please do answer, though. I'm trying to learn more 
> about this curious thing of Telnetting to ports other than 23.

Other than its ability to do terminal mode negotiations, telnet is just
a way to make a text mode input into a TCP socket connection. Many common
Internet protocols are text based and one can interact with them via telnet
or other programs such as netcat. Our tech support department commonly
diagnoses POP3 problems by telnetting to port 110. I.e.:

telnet mailhost.isp.net pop3

+OK mailhost.isp.net BullwinklePOPPER v1.2.3 server ready
user customername
+OK Password required
pass moosensquirrel
+OK customername has 1 message(s) (439 octets).
dele 1

... etc ...

You can interact with many servers that use text-based protocols, including
SMTP, POP3, telnet, and NNTP.

At NeoSoft, we even had our own management system (before much of the
unix server based SNMP MIBs came available) called RCMP (remote computer
management protocol) for detecting cpu, disk utilization, adding and
removing users, etc (nothing to do with Canadian Mounties mind you).
It was mostly automated, but I could interact with it from anywhere
on the Internet using telnet and text based authentication. Granted,
this was in the "Good Olde Days", but even today, we are using and
actively designing management protocols that are text based with
text return codes for usability rather than raw speed.

---------------------------------------------------------------------------
  ** Andrew W. Smith ** [EMAIL PROTECTED] ** Senior Network Engineer **
    ** http://www.neosoft.com/neosoft/staff/andrew ** 1-888-NEOSOFT **
     ** NeoSoft, Inc. An Internet America Company  1-800-BE-A-GEEK **    
       ** "Opportunities multiply as they are seized" - Sun Tzu **
---------------------------------------------------------------------------




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=41721&t=41565
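
Added example, not part of the original message: one way to "code in detection of excessive destinations by untrusted senders" is to count distinct RCPT TO addresses per SMTP session and flag clients outside your own networks that exceed a limit. The log format, the trusted network, and the limit are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions for this example (not from the original message):
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # your own clients
MAX_RCPT_UNTRUSTED = 3   # distinct recipients allowed per untrusted session

RCPT_RE = re.compile(r"^RCPT\s+TO:\s*<?([^>\s]+)>?", re.IGNORECASE)

# Constructed sample log, one line per command: "<client-ip> <session> <command>"
SAMPLE_LOG = """\
192.0.2.10 s1 RCPT TO:<a@example.org>
192.0.2.10 s1 RCPT TO:<b@example.org>
192.0.2.10 s1 RCPT TO:<c@example.org>
192.0.2.10 s1 RCPT TO:<d@example.org>
198.51.100.7 s2 MAIL FROM:<x@example.com>
198.51.100.7 s2 RCPT TO:<a@example.org>
198.51.100.7 s2 RCPT TO:<b@example.org>
198.51.100.7 s2 RSET
198.51.100.7 s2 rcpt to: <c@example.org>
198.51.100.7 s2 RCPT TO:<A@example.org>
198.51.100.7 s2 RCPT TO:<d@example.org>
203.0.113.5 s3 RCPT TO:<a@example.org>
"""

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False          # unparsable source is never trusted
    return any(addr in net for net in TRUSTED_NETS)

def excessive_senders(log_text, limit=MAX_RCPT_UNTRUSTED):
    """Return {ip: most distinct recipients in one session} for untrusted
    clients over the limit. Counting per session means RSET does not reset it."""
    rcpts = defaultdict(set)                  # (ip, session) -> recipients
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue                          # blank or malformed line
        ip, session, command = parts
        match = RCPT_RE.match(command)
        if match:
            rcpts[(ip, session)].add(match.group(1).lower())
    flagged = {}
    for (ip, _), seen in rcpts.items():
        if not is_trusted(ip) and len(seen) > limit:
            flagged[ip] = max(flagged.get(ip, 0), len(seen))
    return flagged
```

On the constructed log, only 198.51.100.7 is flagged: the trusted client also sends to four recipients but is exempt, and the repeated address in different case is counted once.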