Mailing List Archive

W2k Esmtp disconnects from NASL script.
Good Morning;

Consider the following NASL code fragment:

*
*
*
soc = open_sock_tcp(smtp_port); # port 25
if( !soc )
  display("Dead socket!\n");

# Reference 1
data = recv(socket: soc, length: 2048, timeout:20);
display(data);

# Reference 2
send(socket:soc, data: string("HELO Mydomain.com"+'\n'));
data = recv(socket: soc, length: 2048, timeout:20);
display(data);
*
*
*

Now, it works fine against a Sendmail server; however, when I run it
against an ESMTP server (Win 2K is the test server), the code achieves
"Reference 1" and displays the login banner. When I get to "Reference 2",
the socket is as dead as a post.

I can telnet to the server and issue the "HELO" just fine. I can also
configure a client such as Evolution and it works perfectly. When I
inspect the server log, I see that the NASL script's connection was
established followed by an immediate "QUIT" that I didn't send. The
"recv" following "Reference 2" times out and no data are displayed.

I don't know where to begin looking for a solution. My guess is that the
Win 2K ESMTP server may be detecting the client and closing if it's
unrecognized. (???)

Steven W. Smith
Del Mar College,
Corpus Christi, TX


_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
Re: W2k Esmtp disconnects from NASL script.
On Wed, Mar 08, 2006 at 11:25:38AM -0600, Steven W Smith wrote:

> # Reference 1
> data = recv(socket: soc, length: 2048, timeout:20);
> display(data);
>
> # Reference 2
> send(socket:soc, data: string("HELO Mydomain.com"+'\n'));
> data = recv(socket: soc, length: 2048, timeout:20);
> display(data);
...
> Now, it works fine against a Sendmail server; however, when I run it
> against an ESMTP server (Win 2K is the test server), the code achieves
> "Reference 1" and displays the login banner. When I get to "Reference 2",
> the socket is as dead as a post.

Define "dead as a post". Has the socket been closed or do you just fail
to get a response from recv()?

> I can telnet to the server and issue the "HELO" just fine. I can also
> configure a client such as Evolution and it works perfectly. When I
> inspect the server log, I see that the NASL script's connection was
> established followed by an immediate "QUIT" that I didn't send. The
> "recv" following "Reference 2" times out and no data are displayed.

Have you verified what's actually sent with a packet dump? Do you have a
firewall in front of the Win 2K server that is filtering traffic to the
SMTP port?

> I don't know where to begin looking for a solution.

RFC 821 specifies that lines end with CR/LF. Assuming you're not leaving
out the linefeed on purpose, perhaps the creators of your SMTP server
didn't know about the old maxim about "be generous in what you accept".


George
--
theall@tenablesecurity.com
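
An added illustration of the CR/LF point in the reply above; it is not code from this thread or from Nessus. It is written in Python rather than NASL so that it runs stand-alone. The loopback server is constructed and assumes a strict implementation that treats only CRLF as a command terminator (it is not the Windows 2000 SMTP service), and `helo()` and the host names are hypothetical.

```python
import socket
import threading

def strict_smtp_server(listener):
    """Constructed stand-in for a strict server: a command ends only at CRLF."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(b"220 test.invalid ESMTP ready\r\n")
        buf = b""
        while b"\r\n" not in buf:
            chunk = conn.recv(1024)
            if not chunk:  # client closed before completing a line
                return
            buf += chunk
        line = buf.split(b"\r\n", 1)[0]
        if line.upper().startswith(b"HELO "):
            conn.sendall(b"250 test.invalid Hello\r\n")
        else:
            conn.sendall(b"500 Syntax error\r\n")

def helo(terminator, timeout=1.0):
    """Send HELO ending in `terminator`; return (banner, reply or None on timeout)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # ephemeral port, loopback only
    listener.listen(1)
    worker = threading.Thread(target=strict_smtp_server,
                              args=(listener,), daemon=True)
    worker.start()
    with socket.create_connection(listener.getsockname(), timeout=timeout) as soc:
        banner = soc.recv(2048).decode()
        soc.sendall(b"HELO mydomain.example" + terminator)
        try:
            reply = soc.recv(2048).decode()
        except socket.timeout:
            # Same symptom as in the thread: banner arrives, HELO gets no answer.
            reply = None
    worker.join(timeout)
    listener.close()
    return banner, reply

if __name__ == "__main__":
    print("bare LF:", helo(b"\n"))
    print("CRLF   :", helo(b"\r\n"))
```

With a bare LF the server is still waiting for the end of the line when the client's `recv` times out; with CRLF the 250 reply comes back immediately.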
Re: W2k Esmtp disconnects from NASL script.
plugins-writers-bounces@list.nessus.org wrote on 03/09/2006 11:00:06 AM:


> Message: 2
> Date: Wed, 08 Mar 2006 17:04:23 -0500
> From: "George A. Theall" <theall@tenablesecurity.com>
> Subject: Re: [Plugins-writers] W2k Esmtp disconnects from NASL script.
> To: plugins-writers@list.nessus.org
> Message-ID: <440F54E7.6000608@tenablesecurity.com>
> Content-Type: text/plain; charset=us-ascii
>
> > I can telnet to the server and issue the "HELO" just fine. I can also
> > configure a client such as Evolution and it works perfectly. When I
> > inspect the server log, I see that the NASL script's connection was
> > established followed by an immediate "QUIT" that I didn't send. The
> > "recv" following "Reference 2" times out and no data are displayed.
>
> Have you verified what's actually sent with a packet dump? Do you have a
> firewall in front of the Win 2K server that is filtering traffic to the
> SMTP port?

1) Yes ... 2) no. Wouldn't that prevent a client connection from the
likes of "Evolution"?

>
> RFC 821 specifies that lines end with CR/LF. Assuming you're not leaving
> out the linefeed on purpose, perhaps the creators of your SMTP server
> didn't know about the old maxim about "be generous in what you accept".

OK, that's most likely the culprit. Thanks.

Smith
Re: W2k Esmtp disconnects from NASL script.
> RFC 821 specifies that lines end with CR/LF. Assuming you're not leaving
> out the linefeed on purpose, perhaps the creators of your SMTP server
> didn't know about the old maxim about "be generous in what you accept".
>
>
> George

B'golly! That fixed it!!! Sometimes another pair of eyes sees the
obvious detail that the first missed!

Smith
swsmith@delmar.delete_this.edu
