-
January 11th, 2006, 07:29 AM
#1
Senior Member
honeypot: how to simulate TNEF (exchangeserver) ?
i'm running a honeypot simulating a w2k exchangeserver
but how will i be able to check out and analyze TNEF (winmail.dat)
and record possibly bad attachment ?
thx .
-
January 11th, 2006, 02:58 PM
#2
That would depend on the honeypot really but it strikes me that if you don't have an example of the exploit code, a signature if you will, then it will be very hard to determine whether you caught the little bugger or not.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
January 12th, 2006, 09:44 PM
#3
Re: honeypot: how to simulate TNEF (exchangeserver) ?
Originally posted here by stanger
i'm running a honeypot simulating a w2k exchangeserver
but how will i be able to check out and analyze TNEF (winmail.dat)
and record possibly bad attachment ?
thx .
What exactly are you wanting to check? You can write Exchange event sinks and do whatever you want at a database or protocol level.
http://www.codeproject.com/csharp/Cs...SinksHooks.asp
http://support.microsoft.com/kb/313404/en-us
http://support.microsoft.com/kb/288156/en-us
-
January 16th, 2006, 10:27 AM
#5
Senior Member
thank you for reply
i'm running honeyd 1.0 on linux using modified exchange-scripts
i'm able to connect and send data
everything will get logged
i would like to dump the DATA to $mimetype (or whatever)
now i need such an encapsulated message that would cause a winmail.dat file
i have to know the difference using multilingual versions
maybe it's just another UTF encoding problem?
...just ideas
i want to learn. and need little help forcing me to find the right way
however , sry for bad english
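
Added example, not part of the original thread: a minimal Python walker for a captured winmail.dat that lists each attachment's name, size and SHA-256 and verifies the per-attribute checksum, so attachments can be recorded without being opened. It assumes the application/ms-tnef MIME part has already been base64-decoded from the logged DATA; `build_sample()` and its contents are constructed test data.

```python
import hashlib
import struct

TNEF_SIGNATURE = 0x223E9F78
LVL_ATTACHMENT = 0x02
ATT_ATTACH_RENDDATA = 0x00069002  # marks the start of a new attachment
ATT_ATTACH_TITLE = 0x00018010     # attachment file name
ATT_ATTACH_DATA = 0x0006800F      # attachment bytes


def parse_tnef(blob):
    """Return one dict per attachment: name, size, sha256, checksum_ok."""
    if len(blob) < 6 or struct.unpack_from("<I", blob)[0] != TNEF_SIGNATURE:
        raise ValueError("not a TNEF stream")
    pos, found = 6, []  # skip the 4-byte signature and 2-byte key
    while pos + 9 <= len(blob):
        # Each attribute: level (1), id+type (4), length (4), data, checksum (2)
        level, attr, length = struct.unpack_from("<BII", blob, pos)
        pos += 9
        if pos + length + 2 > len(blob):
            raise ValueError("truncated attribute at offset %d" % (pos - 9))
        data = blob[pos:pos + length]
        (stored,) = struct.unpack_from("<H", blob, pos + length)
        pos += length + 2
        ok = stored == sum(data) & 0xFFFF  # checksum is the byte sum mod 65536
        if level != LVL_ATTACHMENT:
            continue  # message-level attribute, not needed here
        if attr == ATT_ATTACH_RENDDATA or not found:
            found.append({"name": None, "size": 0, "sha256": None, "checksum_ok": True})
        cur = found[-1]
        cur["checksum_ok"] = cur["checksum_ok"] and ok
        if attr == ATT_ATTACH_TITLE:
            cur["name"] = data.rstrip(b"\x00").decode("latin-1")
        elif attr == ATT_ATTACH_DATA:
            cur["size"] = len(data)
            cur["sha256"] = hashlib.sha256(data).hexdigest()
    return found


def _attr(level, attr, data):
    """Encode one TNEF attribute with its trailing checksum."""
    head = struct.pack("<BII", level, attr, len(data))
    return head + data + struct.pack("<H", sum(data) & 0xFFFF)


def build_sample():
    """Constructed stream: one message attribute and one attachment."""
    return (struct.pack("<IH", TNEF_SIGNATURE, 1)
            + _attr(0x01, 0x00078008, b"IPM.Note\x00")  # attMessageClass
            + _attr(LVL_ATTACHMENT, ATT_ATTACH_RENDDATA, b"\x00" * 14)
            + _attr(LVL_ATTACHMENT, ATT_ATTACH_TITLE, b"sample.bin\x00")
            + _attr(LVL_ATTACHMENT, ATT_ATTACH_DATA, b"constructed attachment bytes"))
```

The file name is decoded as latin-1 only so that arbitrary bytes never raise; multilingual senders may use a different code page, so keep the raw bytes in the log as well.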