RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it
You don't need *any* C/C++ skills to change such a thing. The Microsoft Visual C++ IDE offers a way to open an .EXE or .DLL file as resource to change a string compiled into the file. That's what the discussion is talking about and that's how you could also change the mailbox warning messages which are stored in mdbres.dll IIRC. Siegfried / -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 1:12 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Join the club. my C++ skills are non-existant... i don't think i'll be mucking around with the production server -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 22 August 2001 8:31 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Nah. My event sink skills are limited to VBScript and some VB. I'm feeble in C++ beyond Hello World. William -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 4:05 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it ah, i thought you'd reply :) i just thougt it was an interesting read someone might find it useful... you change yours OK? anyway, , cheers -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 22 August 2001 8:25 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it All true. I'd want to play with it just cause I can. We know more about the script kiddies than they know about us. Oooo... Netcraft... It's the hackers I'd worry about, and they could care less what your port 25 telnet banner says. William Lefkovics, MCSE, A+ -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 3:55 PM To: MS-Exchange Admin Issues Subject: Exchange Banner editing - Interesting Article on the sercurity list - here's a summary for those who missed it Q: How do you change the Exchange banner that appears when you telnet to the exchange box on port 25?? I have heard that you must hex edit a .dll but do not know which .dll to edit?? Anyone know?? A: http://support.microsoft.com/support/kb/articles/q281/2/24.asp in e2k 5.5 I can speak only for version 5.5: For port 25, the strings that need to be edited (with something like WinHex) are found in /exchsrvr/connect/msexcimc/bin/msexcimc.exe. For port 110, the strings are in /exchsrvr/bin/store.exe. As pointed out, you will have to redo the strings after you apply a service pack. Also, be careful editing store.exe. I strongly recommend knowledge of C programming for changing the strings since the printf parameters are found in the strings (i.e. %s, %i). If you overwrite the first one, you most likely will align a wrong argument (try printing a long with %s :) in which case the process calls the doctor (Watson that is). interesting post -- I wouldn't say that. Deception and misinformation has always been used in the intelligence community as part of their security posture enhancement. Yes, changing banners doesn't make you secure by fixing problems. Bugs don't go away. But banner grabbing is often done by automated tools, services (i.e. NetCraft), or individuals. Making it harder for them to identify your systems does increase security posture. (I have used this on MS IIS successfully. Netcraft had listed a site as running Koyote web server... hehe). Most of the rest is just noise. Matthew List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it
Title: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Well where have you been? We've been waiting for you to chime in! g -Original Message- From: Siegfried Weber [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 4:25 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it You don't need *any* C/C++ skills to change such a thing. The Microsoft Visual C++ IDE offers a way to open an .EXE or .DLL file as resource to change a string compiled into the file. That's what the discussion is talking about and that's how you could also change the mailbox warning messages which are stored in mdbres.dll IIRC. Siegfried / -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 1:12 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Join the club. my C++ skills are non-existant... i don't think i'll be mucking around with the production server -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 22 August 2001 8:31 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Nah. My event sink skills are limited to VBScript and some VB. I'm feeble in C++ beyond Hello World. William -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 4:05 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it ah, i thought you'd reply :) i just thougt it was an interesting read someone might find it useful... you change yours OK? anyway, , cheers -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 22 August 2001 8:25 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it All true. I'd want to play with it just cause I can. We know more about the script kiddies than they know about us. Oooo... Netcraft... It's the hackers I'd worry about, and they could care less what your port 25 telnet banner says. William Lefkovics, MCSE, A+ -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 3:55 PM To: MS-Exchange Admin Issues Subject: Exchange Banner editing - Interesting Article on the sercurity list - here's a summary for those who missed it Q: How do you change the Exchange banner that appears when you telnet to the exchange box on port 25?? I have heard that you must hex edit a .dll but do not know which .dll to edit?? Anyone know?? A: http://support.microsoft.com/support/kb/articles/q281/2/24.asp in e2k 5.5 I can speak only for version 5.5: For port 25, the strings that need to be edited (with something like WinHex) are found in /exchsrvr/connect/msexcimc/bin/msexcimc.exe. For port 110, the strings are in /exchsrvr/bin/store.exe. As pointed out, you will have to redo the strings after you apply a service pack. Also, be careful editing store.exe. I strongly recommend knowledge of C programming for changing the strings since the printf parameters are found in the strings (i.e. %s, %i). If you overwrite the first one, you most likely will align a wrong argument (try printing a long with %s :) in which case the process calls the doctor (Watson that is). interesting post -- I wouldn't say that. Deception and misinformation has always been used in the intelligence community as part of their security posture enhancement. Yes, changing banners doesn't make you secure by fixing problems. Bugs don't go away. But banner grabbing is often done by automated tools, services (i.e. NetCraft), or individuals. Making it harder for them to identify your systems does increase security posture. (I have used this on MS IIS successfully. Netcraft had listed a site as running Koyote web server... hehe). Most of the rest is just noise. Matthew List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at:
RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it
I've been OOF doing a training for HP Germany on how to migrate from OpenMail to Exchange 2000 ;-) Siegfried / -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 4:01 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Well where have you been? We've been waiting for you to chime in! g -Original Message- From: Siegfried Weber [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 4:25 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it You don't need *any* C/C++ skills to change such a thing. The Microsoft Visual C++ IDE offers a way to open an .EXE or .DLL file as resource to change a string compiled into the file. That's what the discussion is talking about and that's how you could also change the mailbox warning messages which are stored in mdbres.dll IIRC. Siegfried / -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 1:12 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Join the club. my C++ skills are non-existant... i don't think i'll be mucking around with the production server -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 22 August 2001 8:31 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Nah. My event sink skills are limited to VBScript and some VB. I'm feeble in C++ beyond Hello World. William -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 4:05 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it ah, i thought you'd reply :) i just thougt it was an interesting read someone might find it useful... you change yours OK? anyway, , cheers -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 22 August 2001 8:25 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it All true. I'd want to play with it just cause I can. We know more about the script kiddies than they know about us. Oooo... Netcraft... It's the hackers I'd worry about, and they could care less what your port 25 telnet banner says. William Lefkovics, MCSE, A+ -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 3:55 PM To: MS-Exchange Admin Issues Subject: Exchange Banner editing - Interesting Article on the sercurity list - here's a summary for those who missed it Q: How do you change the Exchange banner that appears when you telnet to the exchange box on port 25?? I have heard that you must hex edit a .dll but do not know which .dll to edit?? Anyone know?? A: http://support.microsoft.com/support/kb/articles/q281/2/24.asp in e2k 5.5 I can speak only for version 5.5: For port 25, the strings that need to be edited (with something like WinHex) are found in /exchsrvr/connect/msexcimc/bin/msexcimc.exe. For port 110, the strings are in /exchsrvr/bin/store.exe. As pointed out, you will have to redo the strings after you apply a service pack. Also, be careful editing store.exe. I strongly recommend knowledge of C programming for changing the strings since the printf parameters are found in the strings (i.e. %s, %i). If you overwrite the first one, you most likely will align a wrong argument (try printing a long with %s :) in which case the process calls the doctor (Watson that is). interesting post -- I wouldn't say that. Deception and misinformation has always been used in the intelligence community as part of their security posture enhancement. Yes, changing banners doesn't make you secure by fixing problems. Bugs don't go away. But banner grabbing is often done by automated tools, services (i.e. NetCraft), or individuals. Making it harder for them to identify your systems does increase security posture. (I have used this on MS IIS successfully. Netcraft had listed a site as running Koyote web server... hehe). Most of the rest is just noise. Matthew List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at:
RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it
I thought HP had moved to Exchange 2000 already. I know they are stopping Openmail support in the next year or so, should be busy time for you migrating the Openmail deployments. I know one place that sent their Openmail admins on Exchange 2000 course expecting them to come back and start deploying in three weeks, unfortunately they hadn't heard about AD ;o) Paul -Original Message- From: Siegfried Weber [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 15:19 To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it I've been OOF doing a training for HP Germany on how to migrate from OpenMail to Exchange 2000 ;-) Siegfried / -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 4:01 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Well where have you been? We've been waiting for you to chime in! g -Original Message- From: Siegfried Weber [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 4:25 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it You don't need *any* C/C++ skills to change such a thing. The Microsoft Visual C++ IDE offers a way to open an .EXE or .DLL file as resource to change a string compiled into the file. That's what the discussion is talking about and that's how you could also change the mailbox warning messages which are stored in mdbres.dll IIRC. Siegfried / -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 1:12 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Join the club. my C++ skills are non-existant... i don't think i'll be mucking around with the production server -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 22 August 2001 8:31 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Nah. My event sink skills are limited to VBScript and some VB. I'm feeble in C++ beyond Hello World. William -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 4:05 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it ah, i thought you'd reply :) i just thougt it was an interesting read someone might find it useful... you change yours OK? anyway, , cheers -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 22 August 2001 8:25 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it All true. I'd want to play with it just cause I can. We know more about the script kiddies than they know about us. Oooo... Netcraft... It's the hackers I'd worry about, and they could care less what your port 25 telnet banner says. William Lefkovics, MCSE, A+ -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 3:55 PM To: MS-Exchange Admin Issues Subject: Exchange Banner editing - Interesting Article on the sercurity list - here's a summary for those who missed it Q: How do you change the Exchange banner that appears when you telnet to the exchange box on port 25?? I have heard that you must hex edit a .dll but do not know which .dll to edit?? Anyone know?? A: http://support.microsoft.com/support/kb/articles/q281/2/24.asp in e2k 5.5 I can speak only for version 5.5: For port 25, the strings that need to be edited (with something like WinHex) are found in /exchsrvr/connect/msexcimc/bin/msexcimc.exe. For port 110, the strings are in /exchsrvr/bin/store.exe. As pointed out, you will have to redo the strings after you apply a service pack. Also, be careful editing store.exe. I strongly recommend knowledge of C programming for changing the strings since the printf parameters are found in the strings (i.e. %s, %i). If you overwrite the first one, you most likely will align a wrong argument (try printing a long with %s :) in which case the process calls the doctor (Watson that is). interesting post -- I wouldn't say that. Deception and misinformation has always been used in the intelligence community as part of their security posture enhancement. Yes,
RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it
What's AD? -Original Message- From: Bendall, Paul [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 15:42 To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it I thought HP had moved to Exchange 2000 already. I know they are stopping Openmail support in the next year or so, should be busy time for you migrating the Openmail deployments. I know one place that sent their Openmail admins on Exchange 2000 course expecting them to come back and start deploying in three weeks, unfortunately they hadn't heard about AD ;o) Paul -Original Message- From: Siegfried Weber [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 15:19 To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it I've been OOF doing a training for HP Germany on how to migrate from OpenMail to Exchange 2000 ;-) Siegfried / -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 4:01 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Well where have you been? We've been waiting for you to chime in! g -Original Message- From: Siegfried Weber [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 4:25 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it You don't need *any* C/C++ skills to change such a thing. The Microsoft Visual C++ IDE offers a way to open an .EXE or .DLL file as resource to change a string compiled into the file. That's what the discussion is talking about and that's how you could also change the mailbox warning messages which are stored in mdbres.dll IIRC. Siegfried / -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 1:12 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Join the club. my C++ skills are non-existant... i don't think i'll be mucking around with the production server -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 22 August 2001 8:31 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Nah. My event sink skills are limited to VBScript and some VB. I'm feeble in C++ beyond Hello World. William -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 4:05 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it ah, i thought you'd reply :) i just thougt it was an interesting read someone might find it useful... you change yours OK? anyway, , cheers -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 22 August 2001 8:25 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it All true. I'd want to play with it just cause I can. We know more about the script kiddies than they know about us. Oooo... Netcraft... It's the hackers I'd worry about, and they could care less what your port 25 telnet banner says. William Lefkovics, MCSE, A+ -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 3:55 PM To: MS-Exchange Admin Issues Subject: Exchange Banner editing - Interesting Article on the sercurity list - here's a summary for those who missed it Q: How do you change the Exchange banner that appears when you telnet to the exchange box on port 25?? I have heard that you must hex edit a .dll but do not know which .dll to edit?? Anyone know?? A: http://support.microsoft.com/support/kb/articles/q281/2/24.asp in e2k 5.5 I can speak only for version 5.5: For port 25, the strings that need to be edited (with something like WinHex) are found in /exchsrvr/connect/msexcimc/bin/msexcimc.exe. For port 110, the strings are in /exchsrvr/bin/store.exe. As pointed out, you will have to redo the strings after you apply a service pack. Also, be careful editing store.exe. I strongly recommend knowledge of C programming for changing the strings since the printf parameters are found in the strings (i.e. %s, %i). If you overwrite the first one, you most likely will align a wrong argument (try printing a long
RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it
From what I gathered at this workshop HP neither has Active Directory nor Exchange 2000 rolled out yet but do have quite a lot NT4/Exchange 5.5 deployment. So they start planning how to migrate all those stuff soon. Siegfried / -Original Message- From: Bendall, Paul [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 4:42 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it I thought HP had moved to Exchange 2000 already. I know they are stopping Openmail support in the next year or so, should be busy time for you migrating the Openmail deployments. I know one place that sent their Openmail admins on Exchange 2000 course expecting them to come back and start deploying in three weeks, unfortunately they hadn't heard about AD ;o) Paul -Original Message- From: Siegfried Weber [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 15:19 To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it I've been OOF doing a training for HP Germany on how to migrate from OpenMail to Exchange 2000 ;-) Siegfried / -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 4:01 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Well where have you been? We've been waiting for you to chime in! g -Original Message- From: Siegfried Weber [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 4:25 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it You don't need *any* C/C++ skills to change such a thing. The Microsoft Visual C++ IDE offers a way to open an .EXE or .DLL file as resource to change a string compiled into the file. That's what the discussion is talking about and that's how you could also change the mailbox warning messages which are stored in mdbres.dll IIRC. Siegfried / -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 1:12 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Join the club. my C++ skills are non-existant... i don't think i'll be mucking around with the production server -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 22 August 2001 8:31 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Nah. My event sink skills are limited to VBScript and some VB. I'm feeble in C++ beyond Hello World. William -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 4:05 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it ah, i thought you'd reply :) i just thougt it was an interesting read someone might find it useful... you change yours OK? anyway, , cheers -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 22 August 2001 8:25 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it All true. I'd want to play with it just cause I can. We know more about the script kiddies than they know about us. Oooo... Netcraft... It's the hackers I'd worry about, and they could care less what your port 25 telnet banner says. William Lefkovics, MCSE, A+ -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 3:55 PM To: MS-Exchange Admin Issues Subject: Exchange Banner editing - Interesting Article on the sercurity list - here's a summary for those who missed it Q: How do you change the Exchange banner that appears when you telnet to the exchange box on port 25?? I have heard that you must hex edit a .dll but do not know which .dll to edit?? Anyone know?? A: http://support.microsoft.com/support/kb/articles/q281/2/24.asp in e2k 5.5 I can speak only for version 5.5: For port 25, the strings that need to be edited (with something like WinHex) are found in /exchsrvr/connect/msexcimc/bin/msexcimc.exe. For port 110, the strings are in /exchsrvr/bin/store.exe. As pointed out, you will have to redo the strings after you apply a
RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it
Maybe not a bad approach to migrate Openmail to Exchange 5.5 and then 2000 after that, would give them time to sort out their AD design. The company that I was talking about has spent two years talking about AD design without any consideration on E2K, mail is managed by a team using HP-UX and Openmail who have never had to speak to the NT team, what are party that is! Paul -Original Message- From: Siegfried Weber [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 16:29 To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it From what I gathered at this workshop HP neither has Active Directory nor Exchange 2000 rolled out yet but do have quite a lot NT4/Exchange 5.5 deployment. So they start planning how to migrate all those stuff soon. Siegfried / -Original Message- From: Bendall, Paul [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 4:42 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it I thought HP had moved to Exchange 2000 already. I know they are stopping Openmail support in the next year or so, should be busy time for you migrating the Openmail deployments. I know one place that sent their Openmail admins on Exchange 2000 course expecting them to come back and start deploying in three weeks, unfortunately they hadn't heard about AD ;o) Paul -Original Message- From: Siegfried Weber [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 15:19 To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it I've been OOF doing a training for HP Germany on how to migrate from OpenMail to Exchange 2000 ;-) Siegfried / -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 4:01 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Well where have you been? We've been waiting for you to chime in! g -Original Message- From: Siegfried Weber [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 4:25 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it You don't need *any* C/C++ skills to change such a thing. The Microsoft Visual C++ IDE offers a way to open an .EXE or .DLL file as resource to change a string compiled into the file. That's what the discussion is talking about and that's how you could also change the mailbox warning messages which are stored in mdbres.dll IIRC. Siegfried / -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 1:12 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Join the club. my C++ skills are non-existant... i don't think i'll be mucking around with the production server -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 22 August 2001 8:31 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Nah. My event sink skills are limited to VBScript and some VB. I'm feeble in C++ beyond Hello World. William -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 4:05 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it ah, i thought you'd reply :) i just thougt it was an interesting read someone might find it useful... you change yours OK? anyway, , cheers -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 22 August 2001 8:25 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it All true. I'd want to play with it just cause I can. We know more about the script kiddies than they know about us. Oooo... Netcraft... It's the hackers I'd worry about, and they could care less what your port 25 telnet banner says. William Lefkovics, MCSE, A+ -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 3:55 PM To: MS-Exchange Admin Issues Subject: Exchange Banner editing - Interesting Article on the sercurity list - here's a
RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it
That's exactly what was explained in the first half of this thread which appears on a different list. William -Original Message- From: Siegfried Weber [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 4:23 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Hackers and SPAM'er don't care about what the banner tells. I've changed mine quite a while back and I still get NDR's from people who try to relay via my frontend SMTP Server (a plain Win2k SMTP used to forward all mail to the Exchange 2000 box in the internal network). Looks to me those guys are checking which commands are returned after a helo+help. That's IMHO the most interesting part because it returns the SMTP verbs supported and tells much more about the SMTP Server. Siegfried / -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 12:55 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it All true. I'd want to play with it just cause I can. We know more about the script kiddies than they know about us. Oooo... Netcraft... It's the hackers I'd worry about, and they could care less what your port 25 telnet banner says. William Lefkovics, MCSE, A+ -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 3:55 PM To: MS-Exchange Admin Issues Subject: Exchange Banner editing - Interesting Article on the sercurity list - here's a summary for those who missed it Q: How do you change the Exchange banner that appears when you telnet to the exchange box on port 25?? I have heard that you must hex edit a .dll but do not know which .dll to edit?? Anyone know?? A: http://support.microsoft.com/support/kb/articles/q281/2/24.asp in e2k 5.5 I can speak only for version 5.5: For port 25, the strings that need to be edited (with something like WinHex) are found in /exchsrvr/connect/msexcimc/bin/msexcimc.exe. For port 110, the strings are in /exchsrvr/bin/store.exe. As pointed out, you will have to redo the strings after you apply a service pack. Also, be careful editing store.exe. I strongly recommend knowledge of C programming for changing the strings since the printf parameters are found in the strings (i.e. %s, %i). If you overwrite the first one, you most likely will align a wrong argument (try printing a long with %s :) in which case the process calls the doctor (Watson that is). interesting post -- I wouldn't say that. Deception and misinformation has always been used in the intelligence community as part of their security posture enhancement. Yes, changing banners doesn't make you secure by fixing problems. Bugs don't go away. But banner grabbing is often done by automated tools, services (i.e. NetCraft), or individuals. Making it harder for them to identify your systems does increase security posture. (I have used this on MS IIS successfully. Netcraft had listed a site as running Koyote web server... hehe). Most of the rest is just noise. Matthew List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it
Heck, thanks William. Next time I'll RTFM first ;-) Siegfried / -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 5:43 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it That's exactly what was explained in the first half of this thread which appears on a different list. William -Original Message- From: Siegfried Weber [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 4:23 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Hackers and SPAM'er don't care about what the banner tells. I've changed mine quite a while back and I still get NDR's from people who try to relay via my frontend SMTP Server (a plain Win2k SMTP used to forward all mail to the Exchange 2000 box in the internal network). Looks to me those guys are checking which commands are returned after a helo+help. That's IMHO the most interesting part because it returns the SMTP verbs supported and tells much more about the SMTP Server. Siegfried / -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 12:55 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it All true. I'd want to play with it just cause I can. We know more about the script kiddies than they know about us. Oooo... Netcraft... It's the hackers I'd worry about, and they could care less what your port 25 telnet banner says. William Lefkovics, MCSE, A+ -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 3:55 PM To: MS-Exchange Admin Issues Subject: Exchange Banner editing - Interesting Article on the sercurity list - here's a summary for those who missed it Q: How do you change the Exchange banner that appears when you telnet to the exchange box on port 25?? I have heard that you must hex edit a .dll but do not know which .dll to edit?? Anyone know?? A: http://support.microsoft.com/support/kb/articles/q281/2/24.asp in e2k 5.5 I can speak only for version 5.5: For port 25, the strings that need to be edited (with something like WinHex) are found in /exchsrvr/connect/msexcimc/bin/msexcimc.exe. For port 110, the strings are in /exchsrvr/bin/store.exe. As pointed out, you will have to redo the strings after you apply a service pack. Also, be careful editing store.exe. I strongly recommend knowledge of C programming for changing the strings since the printf parameters are found in the strings (i.e. %s, %i). If you overwrite the first one, you most likely will align a wrong argument (try printing a long with %s :) in which case the process calls the doctor (Watson that is). interesting post -- I wouldn't say that. Deception and misinformation has always been used in the intelligence community as part of their security posture enhancement. Yes, changing banners doesn't make you secure by fixing problems. Bugs don't go away. But banner grabbing is often done by automated tools, services (i.e. NetCraft), or individuals. Making it harder for them to identify your systems does increase security posture. (I have used this on MS IIS successfully. Netcraft had listed a site as running Koyote web server... hehe). Most of the rest is just noise. Matthew List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it
All true. I'd want to play with it just cause I can. We know more about the script kiddies than they know about us. Oooo... Netcraft... It's the hackers I'd worry about, and they could care less what your port 25 telnet banner says. William Lefkovics, MCSE, A+ -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 3:55 PM To: MS-Exchange Admin Issues Subject: Exchange Banner editing - Interesting Article on the sercurity list - here's a summary for those who missed it Q: How do you change the Exchange banner that appears when you telnet to the exchange box on port 25?? I have heard that you must hex edit a .dll but do not know which .dll to edit?? Anyone know?? A: http://support.microsoft.com/support/kb/articles/q281/2/24.asp in e2k 5.5 I can speak only for version 5.5: For port 25, the strings that need to be edited (with something like WinHex) are found in /exchsrvr/connect/msexcimc/bin/msexcimc.exe. For port 110, the strings are in /exchsrvr/bin/store.exe. As pointed out, you will have to redo the strings after you apply a service pack. Also, be careful editing store.exe. I strongly recommend knowledge of C programming for changing the strings since the printf parameters are found in the strings (i.e. %s, %i). If you overwrite the first one, you most likely will align a wrong argument (try printing a long with %s :) in which case the process calls the doctor (Watson that is). interesting post -- I wouldn't say that. Deception and misinformation has always been used in the intelligence community as part of their security posture enhancement. Yes, changing banners doesn't make you secure by fixing problems. Bugs don't go away. But banner grabbing is often done by automated tools, services (i.e. NetCraft), or individuals. Making it harder for them to identify your systems does increase security posture. (I have used this on MS IIS successfully. Netcraft had listed a site as running Koyote web server... hehe). Most of the rest is just noise. Matthew List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it
ah, i thought you'd reply :) i just thougt it was an interesting read someone might find it useful... you change yours OK? anyway, , cheers -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 22 August 2001 8:25 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it All true. I'd want to play with it just cause I can. We know more about the script kiddies than they know about us. Oooo... Netcraft... It's the hackers I'd worry about, and they could care less what your port 25 telnet banner says. William Lefkovics, MCSE, A+ -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 3:55 PM To: MS-Exchange Admin Issues Subject: Exchange Banner editing - Interesting Article on the sercurity list - here's a summary for those who missed it Q: How do you change the Exchange banner that appears when you telnet to the exchange box on port 25?? I have heard that you must hex edit a .dll but do not know which .dll to edit?? Anyone know?? A: http://support.microsoft.com/support/kb/articles/q281/2/24.asp in e2k 5.5 I can speak only for version 5.5: For port 25, the strings that need to be edited (with something like WinHex) are found in /exchsrvr/connect/msexcimc/bin/msexcimc.exe. For port 110, the strings are in /exchsrvr/bin/store.exe. As pointed out, you will have to redo the strings after you apply a service pack. Also, be careful editing store.exe. I strongly recommend knowledge of C programming for changing the strings since the printf parameters are found in the strings (i.e. %s, %i). If you overwrite the first one, you most likely will align a wrong argument (try printing a long with %s :) in which case the process calls the doctor (Watson that is). interesting post -- I wouldn't say that. Deception and misinformation has always been used in the intelligence community as part of their security posture enhancement. Yes, changing banners doesn't make you secure by fixing problems. Bugs don't go away. But banner grabbing is often done by automated tools, services (i.e. NetCraft), or individuals. Making it harder for them to identify your systems does increase security posture. (I have used this on MS IIS successfully. Netcraft had listed a site as running Koyote web server... hehe). Most of the rest is just noise. Matthew List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it
Nah. My event sink skills are limited to VBScript and some VB. I'm feeble in C++ beyond Hello World. William -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 4:05 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it ah, i thought you'd reply :) i just thougt it was an interesting read someone might find it useful... you change yours OK? anyway, , cheers -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 22 August 2001 8:25 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it All true. I'd want to play with it just cause I can. We know more about the script kiddies than they know about us. Oooo... Netcraft... It's the hackers I'd worry about, and they could care less what your port 25 telnet banner says. William Lefkovics, MCSE, A+ -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 3:55 PM To: MS-Exchange Admin Issues Subject: Exchange Banner editing - Interesting Article on the sercurity list - here's a summary for those who missed it Q: How do you change the Exchange banner that appears when you telnet to the exchange box on port 25?? I have heard that you must hex edit a .dll but do not know which .dll to edit?? Anyone know?? A: http://support.microsoft.com/support/kb/articles/q281/2/24.asp in e2k 5.5 I can speak only for version 5.5: For port 25, the strings that need to be edited (with something like WinHex) are found in /exchsrvr/connect/msexcimc/bin/msexcimc.exe. For port 110, the strings are in /exchsrvr/bin/store.exe. As pointed out, you will have to redo the strings after you apply a service pack. Also, be careful editing store.exe. I strongly recommend knowledge of C programming for changing the strings since the printf parameters are found in the strings (i.e. %s, %i). If you overwrite the first one, you most likely will align a wrong argument (try printing a long with %s :) in which case the process calls the doctor (Watson that is). interesting post -- I wouldn't say that. Deception and misinformation has always been used in the intelligence community as part of their security posture enhancement. Yes, changing banners doesn't make you secure by fixing problems. Bugs don't go away. But banner grabbing is often done by automated tools, services (i.e. NetCraft), or individuals. Making it harder for them to identify your systems does increase security posture. (I have used this on MS IIS successfully. Netcraft had listed a site as running Koyote web server... hehe). Most of the rest is just noise. Matthew List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it
Join the club. my C++ skills are non-existant... i don't think i'll be mucking around with the production server -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 22 August 2001 8:31 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it Nah. My event sink skills are limited to VBScript and some VB. I'm feeble in C++ beyond Hello World. William -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 4:05 PM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it ah, i thought you'd reply :) i just thougt it was an interesting read someone might find it useful... you change yours OK? anyway, , cheers -Original Message- From: Lefkovics, William [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 22 August 2001 8:25 AM To: MS-Exchange Admin Issues Subject: RE: Exchange Banner editing - Interesting Article on the sercurit y list - here's a summary for those who missed it All true. I'd want to play with it just cause I can. We know more about the script kiddies than they know about us. Oooo... Netcraft... It's the hackers I'd worry about, and they could care less what your port 25 telnet banner says. William Lefkovics, MCSE, A+ -Original Message- From: Matthew Western [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 3:55 PM To: MS-Exchange Admin Issues Subject: Exchange Banner editing - Interesting Article on the sercurity list - here's a summary for those who missed it Q: How do you change the Exchange banner that appears when you telnet to the exchange box on port 25?? I have heard that you must hex edit a .dll but do not know which .dll to edit?? Anyone know?? A: http://support.microsoft.com/support/kb/articles/q281/2/24.asp in e2k 5.5 I can speak only for version 5.5: For port 25, the strings that need to be edited (with something like WinHex) are found in /exchsrvr/connect/msexcimc/bin/msexcimc.exe. For port 110, the strings are in /exchsrvr/bin/store.exe. As pointed out, you will have to redo the strings after you apply a service pack. Also, be careful editing store.exe. I strongly recommend knowledge of C programming for changing the strings since the printf parameters are found in the strings (i.e. %s, %i). If you overwrite the first one, you most likely will align a wrong argument (try printing a long with %s :) in which case the process calls the doctor (Watson that is). interesting post -- I wouldn't say that. Deception and misinformation has always been used in the intelligence community as part of their security posture enhancement. Yes, changing banners doesn't make you secure by fixing problems. Bugs don't go away. But banner grabbing is often done by automated tools, services (i.e. NetCraft), or individuals. Making it harder for them to identify your systems does increase security posture. (I have used this on MS IIS successfully. Netcraft had listed a site as running Koyote web server... hehe). Most of the rest is just noise. Matthew List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
