[Cialug] SMTP Proxy

Josh More MoreJ at alliancetechnologies.net
Sun Aug 29 11:11:03 CDT 2010 

My feeling is that unless you're doing something stupid with it, netcat isn't going to let an attacker in.  Sure, it's useful to an attacker if they manage to get in, but if they do manage to get in, it's trivial to upload their own netcat *.  In fact, most of the attacker tools do this for you as a point and click operation.

You might as well take the benefit from netcat, otherwise it's just useful to the attackers.

* Note:  If you're running a fully hardened system with SELinux or AppArmor, this is reduced.

-Josh More, CISSP, GIAC-GSLC, GIAC-GCIH, RHCE, NCLP
morej at alliancetechnologies.net
515-245-7701

________________________________________
From: cialug-bounces at cialug.org [cialug-bounces at cialug.org] on behalf of Tom Pohl [tom at tcpconsulting.com]
Sent: Saturday, August 28, 2010 21:24
To: Central Iowa Linux Users Group
Subject: Re: [Cialug] SMTP Proxy

I don't know your feelings, but that is one of the binaries I like to keep off my machines because if a bad guy wants to get in, having netcat already available is a wet dream :)

I definitely agree that adding the old IP to the new server is a good option if possible!

Thanks!
-Tom


On Aug 27, 2010, at 9:24 PM, Josh More wrote:

> Drifting off topic...
>
> It's probably broken in most distros because you can do the same with netcat (nc on some distros), so redir may not be well maintained.
>
> You can do all sorts of wacky fun with netcat.
>
> -Josh More, CISSP, GIAC-GSLC, GIAC-GCIH, RHCE, NCLP
> morej at alliancetechnologies.net
> 515-245-7701
>
> ________________________________________
> From: cialug-bounces at cialug.org [cialug-bounces at cialug.org] on behalf of Tom Pohl [tom at tcpconsulting.com]
> Sent: Friday, August 27, 2010 21:23
> To: Central Iowa Linux Users Group
> Subject: Re: [Cialug] SMTP Proxy
>
> For simple redirection like this I use a tiny little program called redir that will allow you to listen on a TCP port and connect to another ip on another port. I would compile it by hand because I have found it to be broken on most distributions.
>
> -Tom
>
>
> On Aug 27, 2010, at 6:48 PM, "Nathan C. Smith" <nathan.smith at ipmvs.com> wrote:
>
>> Can anyone recommend an SMTP proxy?   This is for my internal network.  I want all email sent to x.x.x.x to go to y.y.y.y because x.x.x.x is being decommissioned and instead of trusting DNS I used IP addresses.  ;-)
>>
>> I don't need anything done to the messages and no authentication is in use, so I think I'm looking for something really basic.  Until I learn to stop worrying and trust DNS.
>>
>>
>> Thanks.
>>
>> -Nate
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug

_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug

More information about the Cialug mailing list