honeypot: how to simulate TNEF (exchangeserver) ?

  1. #1
    Senior Member
    Join Date
    Aug 2003
    Posts
    185

    honeypot: how to simulate TNEF (exchangeserver) ?

    i'm running a honeypot simulating a w2k exchangeserver
    but how will i be able to check out and analyze TNEF (winmail.dat)
    and record possibly bad attachment ?
    thx .
    Industry Kills Music.

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    That would depend on the honeypot really but it strikes me that if you don't have an example of the exploit code, a signature if you will, then it will be very hard to determine whether you caught the little bugger or not.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Posts
    748

    Re: honeypot: how to simulate TNEF (exchangeserver) ?

    Originally posted here by stanger
    i'm running a honeypot simulating a w2k exchangeserver
    but how will i be able to check out and analyze TNEF (winmail.dat)
    and record possibly bad attachment ?
    thx .
    What exactly are you wanting to check? You can write Exchange event sinks and do whatever you want at a database or protocol level.

    http://www.codeproject.com/csharp/Cs...SinksHooks.asp

    http://support.microsoft.com/kb/313404/en-us

    http://support.microsoft.com/kb/288156/en-us

  5. #5
    Senior Member
    Join Date
    Aug 2003
    Posts
    185
    thank you for reply
    i'm running honeyd 1.0 on linux using modified exchange-scripts
    i'm able to connect and send data
    everything will get logged
    i would like to dump the DATA to $mimetype (or whatever)
    now i need such an encapsulated message that would cause a winmail.dat file
    i have to know the difference using multilingual versions
    maybe it's just another UTF encoding problem?
    ...just ideas
    i want to learn. and need little help forcing me to find the right way

    however , sry for bad english
    Industry Kills Music.
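
An added example, not part of any post in this thread: one way to take the DATA payload the honeypot logs, find a TNEF (winmail.dat) part, and record each encapsulated attachment's name, size and SHA-256. The function names and the sample message are constructed for illustration; the signature and attribute ids are those of the TNEF format.

```python
import base64, email, hashlib, struct

TNEF_SIGNATURE = 0x223E9F78    # first 4 bytes of every TNEF stream (little-endian)
ATT_ATTACH_REND = 0x00069002   # attAttachRenddata: starts a new attachment
ATT_ATTACH_TITLE = 0x00018010  # attAttachTitle: attachment file name
ATT_ATTACH_DATA = 0x0006800F   # attAttachData: attachment bytes

def parse_tnef(blob):
    """Return one dict per attachment: name, size, sha256 of the content."""
    if len(blob) < 6 or struct.unpack_from("<I", blob)[0] != TNEF_SIGNATURE:
        raise ValueError("not a TNEF stream")
    pos, found = 6, []                       # skip signature and 2-byte key
    while pos < len(blob):
        if pos + 9 > len(blob):
            raise ValueError("truncated attribute header at offset %d" % pos)
        level, attr, length = struct.unpack_from("<BII", blob, pos)
        end = pos + 9 + length + 2           # header + data + 16-bit checksum
        data = blob[pos + 9:end - 2]
        if end > len(blob) or (struct.unpack_from("<H", blob, end - 2)[0]
                               != sum(data) & 0xFFFF):
            raise ValueError("truncated or corrupt attribute at offset %d" % pos)
        if level == 2:                       # 2 = attachment-level attribute
            if attr == ATT_ATTACH_REND or not found:
                found.append({"name": None, "size": 0, "sha256": None})
            if attr == ATT_ATTACH_TITLE:
                found[-1]["name"] = data.rstrip(b"\0").decode("latin-1")
            elif attr == ATT_ATTACH_DATA:
                found[-1].update(size=length, sha256=hashlib.sha256(data).hexdigest())
        pos = end
    return found

def scan_message(raw):                       # raw = captured SMTP DATA payload (bytes)
    hits = []
    for part in email.message_from_bytes(raw).walk():
        is_tnef = part.get_content_type() == "application/ms-tnef"
        if is_tnef or (part.get_filename() or "").lower() == "winmail.dat":
            hits.extend(parse_tnef(part.get_payload(decode=True) or b""))
    return hits

def build_attr(level, attr, data):           # helper for the constructed sample only
    return (struct.pack("<BII", level, attr, len(data)) + data
            + struct.pack("<H", sum(data) & 0xFFFF))
SAMPLE_TNEF = (struct.pack("<IH", TNEF_SIGNATURE, 1)      # constructed test input
               + build_attr(2, ATT_ATTACH_REND, b"\0" * 14)
               + build_attr(2, ATT_ATTACH_DATA, b"constructed payload")
               + build_attr(2, ATT_ATTACH_TITLE, b"report.doc\0"))
SAMPLE_MAIL = (b'Content-Type: application/ms-tnef; name="winmail.dat"\r\n'
               b"Content-Transfer-Encoding: base64\r\n\r\n"
               + base64.b64encode(SAMPLE_TNEF) + b"\r\n")
```

`parse_tnef` raises `ValueError` on a bad signature, a truncated attribute or a checksum mismatch, so a malformed winmail.dat can be logged as such rather than silently skipped.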
