telnet to a port vs applications
I have a rule with SMTP as allowed. The user is trying to test using telnet:25. This should still be denied, yes?
27 Views
top of page
bottom of page
I have a rule with SMTP as allowed. The user is trying to test using telnet:25. This should still be denied, yes?
no, actually
Telnet is a very 'clean' application in that it does not have a signature of it's own. It will simply open a socket on a remote system and then sit and wait. In the case of smtp, the smtp server will serve a banner letting the client know it is ready to receive a message and then also sit and wait,. So as far as App-ID goes, everything up to this part is a normal smtp connection. Only if you start inputting commands that do not belong in smtp will app-id identify a different app and retroactively block the session