On Thu, Jul 30, 2015 at 09:09:17PM +0200, Aaron Zauner wrote:
> We'll take a look into that in the future!
>
> >
> > I have a reasonable dataset of IPs (from January), but not the
> > bandwidth (or software on hand) to repeat the scan.
> >
>
> There are two options which we can work out rather quickly to set this up:
> either integrate support for SMTP and STARTTLS messaging in `masscan`,
> or write a simple plugin to `sslyze` to perform such scans. I don't have
> an Exchange 2003 server I can test this against during development though.

FWIW here's a sample problem server (name and IP of guilty party
sent off-list only):

    $ posttls-finger -o 'tls_medium_cipherlist=3DES' amnesiac.example
    posttls-finger: Connected to amnesiac.example[192.0.2.1]:25
    posttls-finger: < 220 amnesiac.example Microsoft ESMTP MAIL Service,
        Version: 6.0.3790.4675 ready at Thu, 30 Jul 2015 22:15:28 +0000
    posttls-finger: > EHLO amnesiac.local
    posttls-finger: < 250-amnesiac.example Hello [192.0.2.2]
    posttls-finger: < 250-TURN
    posttls-finger: < 250-SIZE
    posttls-finger: < 250-ETRN
    posttls-finger: < 250-PIPELINING
    posttls-finger: < 250-DSN
    posttls-finger: < 250-ENHANCEDSTATUSCODES
    posttls-finger: < 250-8bitmime
    posttls-finger: < 250-BINARYMIME
    posttls-finger: < 250-CHUNKING
    posttls-finger: < 250-VRFY
    posttls-finger: < 250-TLS
    posttls-finger: < 250-STARTTLS
    posttls-finger: < 250 OK
    posttls-finger: > STARTTLS
    posttls-finger: < 220 2.0.0 SMTP server ready
    posttls-finger: amnesiac.example[192.0.2.1]:25: Matched subjectAltName:
        *.example
    posttls-finger: amnesiac.example[192.0.2.1]:25: subjectAltName: example
    posttls-finger: amnesiac.example[192.0.2.1]:25 CommonName *.example
    posttls-finger: server certificate verification failed for
        amnesiac.example[192.0.2.1]:25: certificate has expired
    posttls-finger: Untrusted TLS connection established to
        amnesiac.example[192.0.2.1]:25: TLSv1 with cipher DES-CBC3-SHA (112/168 bits)
    posttls-finger: > EHLO amnesiac.local
    posttls-finger: < 250-amnesiac.example Hello [192.0.2.2]
    posttls-finger: < 250-TURN
    posttls-finger: < 250-SIZE
    posttls-finger: < 250-ETRN
    posttls-finger: < 250-PIPELINING
    posttls-finger: < 250-DSN
    posttls-finger: < 250-ENHANCEDSTATUSCODES
    posttls-finger: < 250-8bitmime
    posttls-finger: < 250-BINARYMIME
    posttls-finger: < 250-CHUNKING
    posttls-finger: < 250-VRFY
    posttls-finger: < 250 OK
    posttls-finger: > QUIT
    posttls-finger: warning: TLS library problem: error:1408F10B:SSL
        routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:362:
    posttls-finger: warning: lost connection while sending QUIT command

The QUIT command sees a bad TLS packet because the preceding (inner)
EHLO command elicited a packet with extraneous padding, which messes
up the next response from the server.

The same server just hangs up (no alerts) if neither RC4 nor 3DES
are in the first 64 ciphersuites.

--
Viktor.
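
Added example, not part of the original message and not Postfix code: a
small Python parser that classifies a posttls-finger transcript like the
one above, separating a handshake that never completes from a session that
negotiates TLS and then fails at the record layer. The function name,
result keys and verdict labels are assumptions made for illustration; the
sample is abridged from the quoted session.

```python
import re

PREFIX = "posttls-finger: "
ESTABLISHED = re.compile(
    r"(\w+) TLS connection established to (\S+): (\S+) with cipher (\S+)")

# Constructed sample: abridged from the session quoted above, wrapped lines rejoined.
SAMPLE = """\
posttls-finger: > EHLO amnesiac.local
posttls-finger: < 250-amnesiac.example Hello [192.0.2.2]
posttls-finger: < 250-VRFY
posttls-finger: < 250-STARTTLS
posttls-finger: < 250 OK
posttls-finger: > STARTTLS
posttls-finger: < 220 2.0.0 SMTP server ready
posttls-finger: Untrusted TLS connection established to amnesiac.example[192.0.2.1]:25: TLSv1 with cipher DES-CBC3-SHA (112/168 bits)
posttls-finger: > EHLO amnesiac.local
posttls-finger: < 250-amnesiac.example Hello [192.0.2.2]
posttls-finger: < 250-VRFY
posttls-finger: < 250 OK
posttls-finger: > QUIT
posttls-finger: warning: TLS library problem: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:362:
"""

def analyze(transcript):
    """Summarise one posttls-finger session and classify how it ended."""
    r = {"starttls_sent": False, "trust": None, "peer": None, "protocol": None,
         "cipher": None, "caps_plain": [], "caps_tls": [], "tls_errors": []}
    greeting_next = False
    for line in transcript.splitlines():
        msg = line.removeprefix(PREFIX)
        if msg.startswith("> EHLO"):
            greeting_next = True      # the first 250 line is the greeting, not a keyword
        elif msg == "> STARTTLS":
            r["starttls_sent"] = True
        elif m := ESTABLISHED.match(msg):
            r["trust"], r["peer"], r["protocol"], r["cipher"] = m.groups()
        elif m := re.match(r"< 250[- ](\S+)", msg):
            if not greeting_next and m.group(1) != "OK":  # this server ends with "250 OK"
                key = "caps_tls" if r["protocol"] else "caps_plain"
                r[key].append(m.group(1))
            greeting_next = False
        elif msg.startswith("warning: TLS library problem: "):
            r["tls_errors"].append(msg.split(": ", 2)[2])
    r["verdict"] = ("no-starttls" if not r["starttls_sent"]
                    else "handshake-failed" if r["protocol"] is None
                    else "broken-after-handshake" if r["tls_errors"]
                    else "ok")
    return r
```

On the sample, analyze(SAMPLE)["verdict"] is "broken-after-handshake": TLS
was negotiated and a later record was rejected by the TLS library.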