I'm running a honeypot simulating a W2K Exchange server,
but how will I be able to check out and analyze TNEF (winmail.dat)
and record possibly bad attachments?
Thx.
That would depend on the honeypot really but it strikes me that if you don't have an example of the exploit code, a signature if you will, then it will be very hard to determine whether you caught the little bugger or not.
What exactly are you wanting to check? You can write Exchange event sinks and do whatever you want at a database or protocol level.
Quote:
Originally posted here by stanger
I'm running a honeypot simulating a W2K Exchange server,
but how will I be able to check out and analyze TNEF (winmail.dat)
and record possibly bad attachments?
Thx.
http://www.codeproject.com/csharp/Cs...SinksHooks.asp
http://support.microsoft.com/kb/313404/en-us
http://support.microsoft.com/kb/288156/en-us
Thank you for the reply.
I'm running honeyd 1.0 on Linux using modified exchange-scripts.
I'm able to connect and send data.
Everything will get logged.
I would like to dump the DATA to $mimetype (or whatever).
Now I need such an encapsulated message that would cause a winmail.dat file.
I have to know the difference using multilingual versions.
Maybe it's just another UTF encoding problem?
...just ideas
I want to learn, and need a little help forcing me to find the right way.
However, sorry for bad English.
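One way to analyze the logged DATA and record what a winmail.dat carries, as an added example that is not from any poster in this thread: it finds the application/ms-tnef part, walks the TNEF attributes, and records each attachment's name, size, SHA-256 and checksum status. It assumes the honeypot saves the raw DATA payload as bytes; the function names, the latin-1 decoding of the title, and the sample message are constructed for illustration.

```python
import email, hashlib, struct
from email.message import EmailMessage

TNEF_SIGNATURE = 0x223E9F78      # stored little-endian at offset 0
ATT_REND, ATT_TITLE, ATT_DATA = 0x00069002, 0x00018010, 0x0006800F

def walk_tnef(blob):
    """Yield (level, attr_id, data, checksum_ok) for each attribute in a TNEF stream."""
    if len(blob) < 6 or struct.unpack_from("<I", blob)[0] != TNEF_SIGNATURE:
        raise ValueError("not a TNEF stream")
    pos = 6                      # skip the 4-byte signature and 2-byte key
    while pos + 9 <= len(blob):  # header: level (1), id (4), length (4)
        level, attr_id, length = struct.unpack_from("<BII", blob, pos)
        end = pos + 9 + length
        if end + 2 > len(blob):
            raise ValueError("attribute runs past end of stream")
        data = blob[pos + 9:end]
        stored = struct.unpack_from("<H", blob, end)[0]
        yield level, attr_id, data, stored == (sum(data) & 0xFFFF)
        pos = end + 2

def record_attachments(raw_data):
    """Return one dict per attachment inside TNEF parts of a logged SMTP DATA blob."""
    found = []
    for part in email.message_from_bytes(raw_data).walk():
        if part.get_content_type() != "application/ms-tnef":
            continue
        for level, attr_id, data, ok in walk_tnef(part.get_payload(decode=True)):
            if level != 2:       # 1 = message attribute, 2 = attachment attribute
                continue
            if attr_id == ATT_REND or not found:   # attAttachRenddata opens an attachment
                found.append({"name": None, "size": 0, "sha256": None, "checksum_ok": True})
            found[-1]["checksum_ok"] &= ok
            if attr_id == ATT_TITLE:
                found[-1]["name"] = data.rstrip(b"\0").decode("latin-1")  # assumption: latin-1 code page
            elif attr_id == ATT_DATA:
                found[-1].update(size=len(data), sha256=hashlib.sha256(data).hexdigest())
    return found

def tnef_attr(level, attr_id, data):   # builder used only for the constructed sample
    return struct.pack("<BII", level, attr_id, len(data)) + data + struct.pack("<H", sum(data) & 0xFFFF)

def sample_data():                     # constructed message, not a real capture
    tnef = (struct.pack("<IH", TNEF_SIGNATURE, 1) + tnef_attr(2, ATT_REND, bytes(14))
            + tnef_attr(2, ATT_TITLE, b"r\xe9sum\xe9.txt\0") + tnef_attr(2, ATT_DATA, b"hello honeypot"))
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(tnef, maintype="application", subtype="ms-tnef", filename="winmail.dat")
    return msg.as_bytes()
```

A real stream declares its code page in attOemCodepage, so attachment titles from other language versions should be decoded with that value rather than the fixed latin-1 used here.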