
Scanner



Hello all.

I am trying to set up a virus scanner that listens on port 25, traps the
e-mail, scans it, and then passes it on to a pre-defined mail server for
local delivery.

I've installed the scanner, but when I telnet to port 25 to check for a
banner, the connection is closed right after it has been established. It's
quite odd. It won't accept outgoing e-mail either.

I have run strace against the telnet command, and need some help trying to
understand the output. System is SuSE Linux with kernel 2.4.19.

---------------------------------------------------------------------

# strace telnet 216.104.200.15 25

execve("/usr/bin/telnet", ["telnet", "216.104.200.15", "25"], [/* 54 vars
*/]) = 0
uname({sys="Linux", node="mm", ...})    = 0
brk(0)                                  = 0x8066308
open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=54160, ...}) = 0
old_mmap(NULL, 54160, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40014000
close(3)                                = 0
open("/lib/libncurses.so.5", O_RDONLY)  = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\357\0"..., 1024) =
1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=307598, ...}) = 0
old_mmap(NULL, 273516, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40022000
mprotect(0x40059000, 48236, PROT_NONE)  = 0
old_mmap(0x40059000, 49152, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3,
0x36000) = 0x40059000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\206"..., 1024) =
1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=1321674, ...}) = 0
old_mmap(NULL, 1178784, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40065000
mprotect(0x4017b000, 40096, PROT_NONE)  = 0
old_mmap(0x4017b000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3,
0x115000) = 0x4017b000
old_mmap(0x40181000, 15520, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40181000
close(3)                                = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40185000
munmap(0x40014000, 54160)               = 0
brk(0)                                  = 0x8066308
brk(0x8066338)                          = 0x8066338
brk(0x8067000)                          = 0x8067000
brk(0x8068000)                          = 0x8068000
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
socket(PF_UNIX, SOCK_STREAM, 0)         = 3
connect(3, {sin_family=AF_UNIX, path="/var/run/.nscd_socket"}, 110) = 0
write(3, "\2\0\0\0\6\0\0\0\4\0\0\0", 12) = 12
write(3, "\330h\310\17", 4)             = 4
read(3, "\2\0\0\0\377\377\377\377\0\0\0\0\0\0\0\0\377\377\377\377"..., 32) =
32
close(3)                                = 0
open("/etc/nsswitch.conf", O_RDONLY)    = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1346, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40014000
read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1346
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x40014000, 4096)                = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=54160, ...}) = 0
old_mmap(NULL, 54160, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40014000
close(3)                                = 0
open("/lib/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\35"..., 1024) =
1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=44383, ...}) = 0
old_mmap(NULL, 40584, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40186000
mprotect(0x4018f000, 3720, PROT_NONE)   = 0
old_mmap(0x4018f000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3,
0x8000) = 0x4018f000
close(3)                                = 0
munmap(0x40014000, 54160)               = 0
gettimeofday({1045649066, 438107}, NULL) = 0
getpid()                                = 9525
open("/etc/resolv.conf", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=77, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40014000
read(3, "nameserver 216.104.200.8\nnameser"..., 4096) = 77
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x40014000, 4096)                = 0
open("/etc/host.conf", O_RDONLY)        = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=370, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40014000
read(3, "#\n# /etc/host.conf - resolver co"..., 4096) = 370
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x40014000, 4096)                = 0
open("/etc/hosts", O_RDONLY)            = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=734, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40014000
read(3, "#\n# hosts         This file desc"..., 4096) = 734
close(3)                                = 0
munmap(0x40014000, 4096)                = 0
brk(0x8069000)                          = 0x8069000
open("/etc/services", O_RDONLY)         = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=304772, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40014000
read(3, "#\n# Network services, Internet s"..., 4096) = 4096
close(3)                                = 0
munmap(0x40014000, 4096)                = 0
open("/etc/services", O_RDONLY)         = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=304772, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40014000
read(3, "#\n# Network services, Internet s"..., 4096) = 4096
read(3, "assigned\ndsp\t\t33/tcp\t\t# Display "..., 4096) = 4096
read(3, "-ml-dev\t83/tcp\t\t# MIT ML Device\n"..., 4096) = 4096
read(3, "er\nlocus-con\t127/udp\t\t# Locus PC"..., 4096) = 4096
read(3, "dp\t\t# OCServer\nremote-kis\t185/tc"..., 4096) = 4096
read(3, "served\nrap\t\t256/tcp\t\t# RAP\nrap\t\t"..., 4096) = 4096
read(3, "oi2odialog\t360/udp\t\t# scoi2odial"..., 4096) = 4096
read(3, "2/tcp\t\t# Trap Convention Port\nsy"..., 4096) = 4096
read(3, "70/udp\t\t# scx-proxy\nmondex\t\t471/"..., 4096) = 4096
read(3, "rtunately, doesn\'t\n#            "..., 4096) = 4096
read(3, "\nbanyan-vip\t573/tcp\t\t# banyan-vi"..., 4096) = 4096
read(3, "/tcp\t\t# RDA\nrda\t\t630/udp\t\t# RDA\n"..., 4096) = 4096
read(3, "MS Exchange Routing\nmsexch-routi"..., 4096) = 4096
read(3, "Tion server info\niclcnet_svinfo\t"..., 4096) = 4096
read(3, "ma-vnet\t1051/tcp\t# Optima VNET\no"..., 4096) = 4096
read(3, "/udp\t# ADOBE SERVER 2\nxrl\t\t1104/"..., 4096) = 4096
read(3, "vell ZFS\nnovell-zfs\t1229/udp\t# N"..., 4096) = 4096
read(3, "/tcp\t# dsdn\ndsdn\t\t1292/udp\t# dsd"..., 4096) = 4096
read(3, "(MIT)\nequationbuilder\t1351/udp\t#"..., 4096) = 4096
read(3, "1397/tcp\t# Audio Active Mail\naud"..., 4096) = 4096
read(3, "ineering Software\nies-lm\t\t1443/u"..., 4096) = 4096
read(3, "netmap_lm\nnetmap_lm\t1493/udp\t# n"..., 4096) = 4096
read(3, "n R. Chawner +1 817 354-1004\nsim"..., 4096) = 4096
read(3, "ices\nsimbaservices\t1599/udp\t# si"..., 4096) = 4096
read(3, "\nstargatealerts\t1654/udp\t# starg"..., 4096) = 4096
read(3, "esource monitoring service\nregis"..., 4096) = 4096
read(3, "p\t# bmc-net-adm\nbmc-net-svc\t1770"..., 4096) = 4096
read(3, "\nasi\t\t1827/tcp\t# ASI\nasi\t\t1827/u"..., 4096) = 4096
read(3, "eoip\t\t1886/udp\t# Leonardo over I"..., 4096) = 4096
read(3, "client\t1938/tcp\t# JetVWay Client"..., 4096) = 4096
read(3, "o STUN Priority 2 port\nstun-p3\t\t"..., 4096) = 4096
read(3, "ICG SWP Port\nicg-swp\t\t2062/udp\t#"..., 4096) = 4096
read(3, "orks CP\nscientia-ssdb\t2121/tcp\t#"..., 4096) = 4096
read(3, "233/udp\t# INFOCRYPT\ndirectplay\t2"..., 4096) = 4096
read(3, "tocol)\ncr-websystems\t2314/tcp\t# "..., 4096) = 4096
read(3, "mpaq HTTPS\ncompaq-https\t2381/udp"..., 4096) = 4096
read(3, "w-inet\t2441/tcp\t# pvsw-inet\npvsw"..., 4096) = 4096
read(3, " ODN-CasTraq\nunicontrol\t2499/tcp"..., 4096) = 4096
read(3, "# PCLE Multi Media\npclemultimedi"..., 4096) = 4096
read(3, "e-com\t2618/udp\t# Priority E-Com\n"..., 4096) = 4096
read(3, "etgate2way\t2678/udp\t# Gadget Gat"..., 4096) = 4096
read(3, "NMS SRV\nsrp-feedback\t2737/tcp\t# "..., 4096) = 4096
read(3, "01/tcp\t# IGCP\nigcp\t\t2801/udp\t# I"..., 4096) = 4096
read(3, "/tcp\t# iwlistener\niwlistener\t286"..., 4096) = 4096
read(3, " (FRP-Released 12/7/00)\nmobile-f"..., 4096) = 4096
read(3, "5/tcp\t# HPIDSAGENT\nhpidsagent\t29"..., 4096) = 4096
read(3, "ntak UPS\ncogitate\t3039/tcp\t# Cog"..., 4096) = 4096
read(3, "ndevous port\npanasas\t\t3095/udp\t#"..., 4096) = 4096
read(3, "\t# bears-02\nbears-02\t3146/udp\t# "..., 4096) = 4096
read(3, "Control Unit\nembrace-dp-s\t3197/t"..., 4096) = 4096
read(3, "         3241/udp   \t# SysOrb Mo"..., 4096) = 4096
read(3, "\nfg-gip\t\t3294/tcp\t# fg-gip\nfg-gi"..., 4096) = 4096
read(3, "355/udp\t# Ordinox Dbase\nupnotify"..., 4096) = 4096
read(3, "SSL Event\nbiolink-auth    3411/t"..., 4096) = 4096
read(3, "52/udp\t# SABP-Signalling Protoco"..., 4096) = 4096
read(3, "over tls\nseclayer-tls    3496/ud"..., 4096) = 4096
read(3, "p\t# LispWorks ORB\n#             "..., 4096) = 4096
read(3, " Ubiquinox Daemon\nubxd\t\t4034/udp"..., 4096) = 4096
read(3, "gentmgr\t4454/tcp\t# NSS Agent Man"..., 4096) = 4096
read(3, "0/udp\t# TelepathStart\ntelelpatha"..., 4096) = 4096
read(3, "271  Unassigned\npk\t\t5272/tcp\t# P"..., 4096) = 4096
read(3, "ter\t5461/udp\t# SILKMETER\nttl-pub"..., 4096) = 4096
read(3, "tory Server\nopenmailns\t5766/tcp\t"..., 4096) = 4096
read(3, "# SynchroNet-upd\nsynchronet-upd\t"..., 4096) = 4096
read(3, "dp\t# MCER Port\n#               6"..., 4096) = 4096
read(3, "le power supplies\nups-onlinet\t70"..., 4096) = 4096
read(3, "agement\npmdfmgt\t\t7633/udp\t# PMDF"..., 4096) = 4096
read(3, "udp\t# LM Perfworks\nlm-instmgr\t82"..., 4096) = 4096
read(3, "cation\nparagent        9022/tcp "..., 4096) = 4096
read(3, "       9536-9593   Unassigned\nms"..., 4096) = 4096
read(3, "vce\t\t11111/udp\t# Viral Computing"..., 4096) = 4096
read(3, "S Application\n#               14"..., 4096) = 4096
read(3, "00-21589 Unassigned\nvofr-gateway"..., 4096) = 4096
read(3, "000/udp\t# quake\n#               "..., 4096) = 4096
read(3, "ntrol Networks\n#               4"..., 4096) = 1668
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x40014000, 4096)                = 0
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40014000
write(1, "Trying 216.104.200.15...\r\n", 26Trying 216.104.200.15...
) = 26
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
setsockopt(3, SOL_IP, IP_TOS, [16], 4)  = 0
connect(3, {sin_family=AF_INET, sin_port=htons(25),
sin_addr=inet_addr("216.104.200.15")}}, 16) = 0
open("/root/.telnetrc", O_RDONLY)       = -1 ENOENT (No such file or
directory)
write(1, "Connected to 216.104.200.15.\r\n", 30Connected to 216.104.200.15.
) = 30
write(1, "Escape character is \'^]\'.\r\n", 27Escape character is '^]'.
) = 27
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigaction(SIGINT, {0x8051780, [INT], SA_RESTART|0x4000000}, {SIG_DFL}, 8)
= 0
rt_sigaction(SIGQUIT, {0x80517b0, [QUIT], SA_RESTART|0x4000000}, {SIG_DFL},
8) = 0
rt_sigaction(SIGPIPE, {0x8051760, [PIPE], SA_RESTART|0x4000000}, {SIG_DFL},
8) = 0
rt_sigaction(SIGWINCH, {0x8051820, [WINCH], SA_RESTART|0x4000000},
{SIG_DFL}, 8) = 0
rt_sigaction(SIGTSTP, {0x80517e0, [TSTP], SA_RESTART|0x4000000}, {SIG_DFL},
8) = 0
rt_sigaction(SIGTSTP, {0x80517e0, [TSTP], SA_RESTART|0x4000000}, {0x80517e0,
[TSTP], SA_RESTART|0x4000000}, 8) = 0
ioctl(0, TCSETSW, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, FIONBIO, [1])                  = 0
ioctl(1, FIONBIO, [1])                  = 0
ioctl(3, FIONBIO, [1])                  = 0
setsockopt(3, SOL_SOCKET, SO_OOBINLINE, [1], 4) = 0
select(4, [0 3], [], [3], {0, 0})       = 1 (in [3], left {0, 0})
recv(3, "", 8192, 0)                    = 0
rt_sigaction(SIGTSTP, {SIG_DFL}, {0x80517e0, [TSTP], SA_RESTART|0x4000000},
8) = 0
ioctl(0, TCSETSW, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, FIONBIO, [0])                  = 0
ioctl(1, FIONBIO, [0])                  = 0
close(3)                                = 0
rt_sigaction(SIGTSTP, {0x80517e0, [TSTP], SA_RESTART|0x4000000}, {SIG_DFL},
8) = 0
ioctl(0, TCSETSW, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, FIONBIO, [1])                  = 0
ioctl(1, FIONBIO, [1])                  = 0
select(2, NULL, [1], NULL, NULL)        = 1 (out [1])
rt_sigaction(SIGTSTP, {SIG_DFL}, {0x80517e0, [TSTP], SA_RESTART|0x4000000},
8) = 0
ioctl(0, TCSETSW, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, FIONBIO, [0])                  = 0
ioctl(1, FIONBIO, [0])                  = 0
rt_sigaction(SIGTSTP, {0x80517e0, [TSTP], SA_RESTART|0x4000000}, {SIG_DFL},
8) = 0
ioctl(0, TCSETSW, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, FIONBIO, [1])                  = 0
ioctl(1, FIONBIO, [1])                  = 0
select(2, NULL, [1], NULL, NULL)        = 1 (out [1])
rt_sigaction(SIGTSTP, {SIG_DFL}, {0x80517e0, [TSTP], SA_RESTART|0x4000000},
8) = 0
ioctl(0, TCSETSW, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, FIONBIO, [0])                  = 0
ioctl(1, FIONBIO, [0])                  = 0
write(2, "Connection closed by foreign hos"..., 36Connection closed by
foreign host.
) = 36
munmap(0x40014000, 4096)                = 0
_exit(1)                                = ?

----------------------------------------------------------------------------
-------------------

I appreciate any help you can provide. Thanks.

Regards,

Mark Tinka - CCNA
Network Engineer
Africa Online Uganda
5th Floor, Commercial Plaza
7 Kampala Rd,
Tel:   +256-41-258143
Fax:   +256-41-258144
E-mail: mtinka at africaonline.co.ug
Web:     www.africaonline.co.ug



