Heck, thanks William. Next time I'll RTFM first ;-)
<Siegfried />
> -----Original Message-----
> From: Lefkovics, William [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 22, 2001 5:43 PM
> To: MS-Exchange Admin Issues
> Subject: RE: Exchange Banner editing - Interesting Article on the
sercurit
> y list - here's a summary for those who missed it
>
> That's exactly what was explained in the first half of this thread
which
> appears on a different list.
>
> William
>
> -----Original Message-----
> From: Siegfried Weber [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 22, 2001 4:23 AM
> To: MS-Exchange Admin Issues
> Subject: RE: Exchange Banner editing - Interesting Article on the
> sercurit y list - here's a summary for those who missed it
>
>
> Hackers and SPAM'er don't care about what the banner tells. I've
changed
> mine quite a while back and I still get NDR's from people who try to
> relay via my frontend SMTP Server (a plain Win2k SMTP used to forward
> all mail to the Exchange 2000 box in the internal network).
>
> Looks to me those guys are checking which commands are returned after
a
> helo+help. That's IMHO the most interesting part because it returns
the
> SMTP verbs supported and tells much more about the SMTP Server.
>
> <Siegfried />
>
> > -----Original Message-----
> > From: Lefkovics, William [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, August 22, 2001 12:55 AM
> > To: MS-Exchange Admin Issues
> > Subject: RE: Exchange Banner editing - Interesting Article on the
> sercurit
> > y list - here's a summary for those who missed it
> >
> > All true.
> >
> > I'd want to play with it just cause I can. We know more about the
> script
> > kiddies than they know about us. Oooo... Netcraft...
> >
> > It's the hackers I'd worry about, and they could care less what your
> port
> > 25
> > telnet banner says.
> >
> > William Lefkovics, MCSE, A+
> >
> > -----Original Message-----
> > From: Matthew Western [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, August 21, 2001 3:55 PM
> > To: MS-Exchange Admin Issues
> > Subject: Exchange Banner editing - Interesting Article on the
> sercurity
> > list - here's a summary for those who missed it
> >
> >
> > Q:
> >
> > How do you change the Exchange banner that appears when you telnet
to
> the
> > exchange box on port 25?? I have heard that you must hex edit a
.dll
> but
> > do
> > not know which .dll to edit?? Anyone know??
> >
> > A:
> >
> > http://support.microsoft.com/support/kb/articles/q281/2/24.asp in
e2k
> >
> >
> > 5.5
> >
> > I can speak only for version 5.5:
> >
> > For port 25, the strings that need to be edited (with something like
> > WinHex) are found in /exchsrvr/connect/msexcimc/bin/msexcimc.exe.
> > For port 110, the strings are in /exchsrvr/bin/store.exe.
> >
> > As pointed out, you will have to redo the strings after you apply a
> > service pack. Also, be careful editing store.exe. I strongly
> > recommend knowledge of C programming for changing the strings since
> > the printf parameters are found in the strings (i.e. %s, %i). If you
> > overwrite the first one, you most likely will align a wrong argument
> > (try printing a long with %s :) in which case the process calls the
> > doctor (Watson that is).
> >
> >
> >
> > interesting post --
> >
> >
> > I wouldn't say that. Deception and misinformation has always been
> > used in the intelligence community as part of their security posture
> > enhancement.
> >
> > Yes, changing banners doesn't make you secure by fixing problems.
> > Bugs don't go away. But banner grabbing is often done by automated
> > tools, services (i.e. NetCraft), or individuals. Making it harder
for
> > them to identify your systems does increase security posture. (I
> > have used this on MS IIS successfully. Netcraft had listed a site as
> > running Koyote web server... hehe).
> >
> > Most of the rest is just noise.....
> >
> > Matthew
> >
> >
> >
> > List Charter and FAQ at:
> > http://www.sunbelt-software.com/exchange_list_charter.htm
> >
> > List Charter and FAQ at:
> > http://www.sunbelt-software.com/exchange_list_charter.htm
>
>
> List Charter and FAQ at:
> http://www.sunbelt-software.com/exchange_list_charter.htm
>
> List Charter and FAQ at:
> http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
