Join the club. my C++ skills are non-existant... i don't think i'll be
mucking around with the production server....
-----Original Message-----
From: Lefkovics, William [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 22 August 2001 8:31 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange Banner editing - Interesting Article on the
sercurit y list - here's a summary for those who missed it
Nah.
My event sink skills are limited to VBScript and some VB. I'm feeble in C++
beyond "Hello World".
William
-----Original Message-----
From: Matthew Western [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 21, 2001 4:05 PM
To: MS-Exchange Admin Issues
Subject: RE: Exchange Banner editing - Interesting Article on the
sercurit y list - here's a summary for those who missed it
ah, i thought you'd reply :) i just thougt it was an interesting read....
someone might find it useful...
you change yours OK? anyway,
, cheers
-----Original Message-----
From: Lefkovics, William [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 22 August 2001 8:25 AM
To: MS-Exchange Admin Issues
Subject: RE: Exchange Banner editing - Interesting Article on the
sercurit y list - here's a summary for those who missed it
All true.
I'd want to play with it just cause I can. We know more about the script
kiddies than they know about us. Oooo... Netcraft...
It's the hackers I'd worry about, and they could care less what your port 25
telnet banner says.
William Lefkovics, MCSE, A+
-----Original Message-----
From: Matthew Western [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 21, 2001 3:55 PM
To: MS-Exchange Admin Issues
Subject: Exchange Banner editing - Interesting Article on the sercurity
list - here's a summary for those who missed it
Q:
How do you change the Exchange banner that appears when you telnet to the
exchange box on port 25?? I have heard that you must hex edit a .dll but do
not know which .dll to edit?? Anyone know??
A:
http://support.microsoft.com/support/kb/articles/q281/2/24.asp in e2k
5.5
I can speak only for version 5.5:
For port 25, the strings that need to be edited (with something like
WinHex) are found in /exchsrvr/connect/msexcimc/bin/msexcimc.exe.
For port 110, the strings are in /exchsrvr/bin/store.exe.
As pointed out, you will have to redo the strings after you apply a
service pack. Also, be careful editing store.exe. I strongly
recommend knowledge of C programming for changing the strings since
the printf parameters are found in the strings (i.e. %s, %i). If you
overwrite the first one, you most likely will align a wrong argument
(try printing a long with %s :) in which case the process calls the
doctor (Watson that is).
interesting post --
I wouldn't say that. Deception and misinformation has always been
used in the intelligence community as part of their security posture
enhancement.
Yes, changing banners doesn't make you secure by fixing problems.
Bugs don't go away. But banner grabbing is often done by automated
tools, services (i.e. NetCraft), or individuals. Making it harder for
them to identify your systems does increase security posture. (I
have used this on MS IIS successfully. Netcraft had listed a site as
running Koyote web server... hehe).
Most of the rest is just noise.....
Matthew
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
