Security Incidents
mailing list archives
Re: SMTP username dictionary attack
From: Mike <mike () rockynet com>
Date: Thu, 06 Mar 2003 15:51:26 -0700
Garrett Sinfield wrote:
> Actually, what you said about poisoning their spamlist would make for an
> entertaining read. Perhaps I'll set this up sometime :)

If you do so, I would advise only trying this on a honeypot for a domain
that you never intend to use for real e-mail[0].

Back when SMTP dictionary attacks first emerged, setting a 'nobody'
alias would effectively foil them. In fact, the first pieces of ratware
specifically checked for a random string, and if it was accepted would
terminate the attack under the assumption that no useful data could be stolen.
Times have changed, and from what I can tell, no one does this anymore.

Then spammers don't care. If their 'dictionary' has a million possible
combinations, and you give it a million possible hits, look for regular
(daily) spam runs attempting to deliver a million pieces of spam to you.
Setting up a nobody alias is a sure way to permanently taint the domain
behind it.

Mike

[0] Now, poisoning the spam harvest database using a throwaway domain,
and then pointing an MX record for it to localhost sounds like fun ;)
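
Added example, not part of the original message: a server that rejects unknown recipients instead of accepting everything through a catch-all alias leaves a log trail that makes a dictionary run easy to spot. The sketch below flags client IPs that hit many distinct unknown recipients in a short window. The thread names no MTA, so the Postfix-style "User unknown" reject format, the threshold, the window and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: Postfix smtpd rejecting an unknown local recipient.
REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from \S*\[(?P<ip>[^\]]+)\]: 550 5\.1\.1 <(?P<rcpt>[^>]*)>: "
    r"Recipient address rejected: User unknown"
)

def find_harvesters(lines, year=2003, threshold=5, window=timedelta(minutes=10)):
    """Return {client_ip: peak count of distinct unknown recipients inside one
    sliding window} for every client that reaches the threshold."""
    recent = defaultdict(deque)  # ip -> (timestamp, recipient) pairs still in window
    flagged = {}
    for line in lines:
        m = REJECT.match(line)
        if not m:
            continue  # not a recipient reject; ignore
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append((ts, m["rcpt"].lower()))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop rejects that fell out of the window
        distinct = len({rcpt for _, rcpt in q})
        if distinct >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), distinct)
    return flagged

def _line(sec, ip, rcpt):
    """Build one constructed reject line for the sample below."""
    return (f"Mar  6 15:40:{sec:02d} mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            f"User unknown in local recipient table; to=<{rcpt}> proto=SMTP")

# Constructed sample: one client walking a name list, one client with a lone typo.
SAMPLE = [_line(i, "192.0.2.10", f"{name}@example.org")
          for i, name in enumerate(["aaron", "abby", "adam", "alan", "alice", "amy"])]
SAMPLE.append(_line(30, "198.51.100.7", "jsmiht@example.org"))
SAMPLE.append("Mar  6 15:41:02 mx postfix/smtpd[411]: connect from unknown[198.51.100.7]")

if __name__ == "__main__":
    for ip, count in find_harvesters(SAMPLE).items():
        print(f"{ip}: {count} distinct unknown recipients within the window")
```

Counting distinct recipients rather than raw rejects keeps a sender that retries one mistyped address from being flagged.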