Page 1 of 1
Stealth Bubba
Posted: 06 Oct 2007, 13:54
by Hammer
It would be really neat if the exterior interfaces of Bubba would be fully and easily customizable. I'd like to remove everthing that reveals it as a file/mail server to be able to use it from work.
Also the tinyproxy plus a redirect possibility of DNS request so these don't use my work's DNSs in a preconfigured/installed package would be neato..
Thanks....
Posted: 17 Oct 2007, 17:28
by Ubi
I find your request puzzling.
Do you want to physically alter the metal casing of Bubba? Or do you want to change the software so that portmappers etc can not see it has SMTP capabilities?
Ubi
Posted: 17 Oct 2007, 17:45
by johannes
..or do you want to alter the web-admin interface, so your boss won't see what you are doing?
If so, have a look
here.
Posted: 02 Nov 2007, 12:56
by Hammer
Totally missed your replies guys.
@Ubi:
No, but a fun idea. I'll camouflage-paint my bubba!
And yes, that is right. SMTP and file server capabilities should be hidden deeeeeeep down..
@johannes:
Don't see what the tiny hack has to do with it????
Posted: 02 Nov 2007, 12:59
by johannes
Just thought you wanted to camouflage the web file manager, but now I get the point. bubbalibres hack is an example of that, that's just what I ment.
Posted: 03 Nov 2007, 19:04
by Ubi
Right
I still find this strange. You want to "use" it from work but it seems that some BOFH at work tracks where you surf to and then do a portscan on that box and it the box does SMTP so he blocks access?????
that must be the weirdest story I heard all week!
(hint: if you ask cryptic questions, you get cryptic answers.)
Posted: 05 Nov 2007, 08:36
by Hammer
Might have explained it badly.
No, they do not to my knowledge perform port scans. What they do is sniff for webmail providers and block them. So when Bubba's mail-login page states "webmail" I am doomed without any sort of intelligence besides reading ability need to exist on the scanning side.
Or for that matter - a dumb bot that searches for "webmail" or permutations thereof would be equally bad.
I have re-enabled 443 and hidden the webmail login so it isn't as visible. I just don't know if that is enough.
Posted: 14 Nov 2007, 05:18
by Ubi
My feeling is that simply routing the webmail interface via SSL (
https://blabla.com) makes it impossible for the gateway to sniff the text and filter for specific words.
If they can still do that they're essentially using a man-in-the-middle attack to all your data and are probably the most paranoid IT staff in the world =D
EDIT: be sure to map the URL to something other than
https://blbla.com/webmail in case they sniff the DNS entries too
Does this help?
Ubi