[NANOG] Microsoft.com PMTUD black hole?

Tony Finch dot at dotat.at
Thu May 8 12:54:41 UTC 2008


On Wed, 7 May 2008, Deepak Jain wrote:
>
> I know of a tool that a major financial institution uses when certifying
> your network's security -- that scrapes the version number from your
> ESMTP banner to decide whether you comply or not (and other banners).
> (Rather than actually testing for a specific vulnerability). Simply
> blocking all of these packets from their test host gives you a high
> passing score; possibly a perfect one. [Irony and humor aside...]

Cisco PIX/ASA firewalls in SMTP fuxup mode are so incredibly broken.
Possibly the worst SMTP implementation ever.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
FISHER GERMAN BIGHT: VARIABLE 3, BUT EASTERLY 4 OR 5 IN SOUTH GERMAN BIGHT.
SLIGHT. FOG PATCHES. MODERATE OR GOOD, OCCASIONALLY VERY POOR.



