So the pix allows the 7 command in RFC 821 section 4.5.1-- DATA HELO MAIL NOOP QUIT RCPT RSET
If a remote client sends ESMTP it converts it to a NOOP command and sends it to the firewall... And it also analyses the data payload and if it finds an invalid request it will remove the command or send a NOOP to the server. The PIX will respond with xxxx's in the SMTP version if you do a telnet... So it's a packet filter with application inspection... right..?? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 18, 2003 10:20 AM To: Perrymon, Josh L. Cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] Sidewinder G2 On Tue, 18 Nov 2003 09:49:52 CST, "Perrymon, Josh L." said: > The cisco PIX doesn't run the actual SMTP service. The problem would be in > the Fixup for the SMTP protocol. Hmm.. so we *don't* actually do SMTP, we merely screw with the bits in passing even more than an actual SMTP relay would do (as it would just slap on a Received: and keep going). It answers a SYN packet on port 25, it sends a distinctive '220 hello' reply different than what might be behind it, it accepts EHLO/MAIL FROM/RCPT TO/DATA/QUIT, it isn't merely tunneling packets to a server behind the firewall. Pedantic sophistry at its best. It's an SMTP server, guys. Looks like a duck, quacks like a duck, and slapping a "this is a Fixup not a Server" label on it isn't gonna remove the duck feathers. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
