Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: SMTP server account probing
From: bochmann () INFRA DE (Alexander Bochmann)
Date: Wed, 10 Mar 1999 21:42:44 +0100

Hi,

...on Tue, Mar 09, 1999 at 04:16:13PM -0600, Scott Fendley wrote:


Couldn't you just compile sendmail with tcp_wrapper support, and have a
script parsing your logs so that if someone manages to get n # of pokes at
your system then their Ip address and/or DNS server will be placed in the
hosts.deny.


Perhaps Spamshield could be enhanced to solve this problem.

http://www.abest.com/~kai/spamshield.html

Even if the detection is adapted, it would probably only work after the first
attack though, as it seems sendmail doesn't log the attacking hosts name
before the connection is closed when no data is sent.

Alex.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]