WinGate Forums

WinGate Proxy Server and other Qbik products

Skip to content

Switch to mobile style

SMTP Overrun attack

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Moderator: Qbik Staff

Post a reply

SMTP Overrun attack

Postby olaf.krause » Oct 04 06 5:05 am

I wrote a small method that should send mails to the wingate server but wingate says: ...command buffer that was too long (Overrun attack). What exactly does that message mean?

c# code
Code: Select all
               
MailMessage mail = new MailMessage(new MailAddress("from@from.de"),  new MailAddress("to@to.de"));

mail.Subject = "SUB";
mail.Body = "BODY";

SmtpClient client = new SmtpClient("smtp", 25);
client.Credentials = System.Net.CredentialCache.DefaultNetworkCredentials;
 try
{
       client.Send(mail);
}
olaf.krause
WinGate Master
 
Posts: 211
Joined: Oct 03 03 9:41 pm
Location: Germany
Top

Re: SMTP Overrun attack

Postby olaf.krause » Oct 04 06 5:42 am

olaf.krause wrote:client.Credentials = System.Net.CredentialCache.DefaultNetworkCredentials;
caused it, since then NTML is used.

ciao
olaf.krause
WinGate Master
 
Posts: 211
Joined: Oct 03 03 9:41 pm
Location: Germany
Top

Postby adrien » Oct 04 06 2:26 pm

Hi

NTLM should work. Do you have a debug log on the SMTP server you can send?

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland
Top

Postby olaf.krause » Oct 05 06 6:25 am

adrien wrote:Hi

NTLM should work. Do you have a debug log on the SMTP server you can send?

Adrien

Code: Select all
10/03/06 18:34:03   192.168.0.10   Guest   0000008494   Debug:   <=S: 220 research.ok-edv.de ESMTP Service ready
10/03/06 18:34:03   192.168.0.10   Guest   0000008494   Debug:   C=>: EHLO vista
10/03/06 18:34:03   192.168.0.10   Guest   0000008494   Debug:   <=S: 250-research.ok-edv.de greets you
10/03/06 18:34:03   192.168.0.10   Guest   0000008494   Debug:   <=S: 250-AUTH NTLM
10/03/06 18:34:03   192.168.0.10   Guest   0000008494   Debug:   <=S: 250 SIZE 0
10/03/06 18:34:04   192.168.0.10   Guest   0000008494   Debug:   C=>: AUTH ntlm TlRMTVNTUAABAAAAB7IIoggACAAtAAAABQAFACgAAAAGAOAVAAAAD1ZJU1RBUkVTRUFSQ0g=
10/03/06 18:34:04   192.168.0.10   Guest   0000008494   Debug:   C=>: TlRMTVNTUAABAAAAB7IIoggACAAtAAAABQAFACgAAAAGAOAVAAAAD1ZJU1RBUkVTRUFSQ0g=
10/03/06 18:34:04   192.168.0.10   Guest   0000008494   Debug:   <=S: 334 TlRMTVNTUAACAAAAEAAQADgAAAAFgomi4TuNv/AJBfEAAAAAAAAAAKoAqgBIAAAABQLODgAAAA9SAEUAUwBFAEEAUgBDAEgAAgAQAFIARQBTAEUAQQBSAEMASAABAAoAWABFAE4ATwBOAAQAJAByAGUAcwBlAGEAcgBjAGgALgBvAGsALQBlAGQAdgAuAGQAZQADADAAeABlAG4AbwBuAC4AcgBlAHMAZQBhAHIAYwBoAC4AbwBrAC0AZQBkAHYALgBkAGUABQAkAHIAZQBzAGUAYQByAGMAaAAuAG8AawAtAGUAZAB2AC4AZABlAAAAAAA=
10/03/06 18:34:04   192.168.0.10   Guest   0000008494   Debug:   <=S: 421 Buffer overrun attacks are not welcome here. Goodbye
olaf.krause
WinGate Master
 
Posts: 211
Joined: Oct 03 03 9:41 pm
Location: Germany
Top

Postby adrien » Oct 05 06 9:47 am

OK, that's a bug.

depending on your network environment (i.e. domains vs workgroups etc, OS etc) the NTLM packets which are encoded into those big chunks can get quite big, and I guess are getting bigger than the line length limit we set on SMTP. The SMTP spec puts a line limit in of 255 characters, but we will have to extend that.

Adrien
adrien
Qbik Staff
 
Posts: 5448
Joined: Sep 03 03 2:54 pm
Location: Auckland
Top
Post a reply

Return to WinGate

Who is online

Users browsing this forum: Bing [Bot] and 7 guests

Switch to mobile style
Powered by phpBB® Forum Software © phpBB Group
cron