[63804] in North American Network Operators' Group
Re: New mail blocks result of Ralsky's latest attacks?
daemon@ATHENA.MIT.EDU (Mike Tancsa)
Fri Oct 10 11:22:03 2003
Date: Fri, 10 Oct 2003 11:17:29 -0400
To: "Bob German" <bobgerman@irides.com>, <nanog@merit.edu>
From: Mike Tancsa <mike@sentex.net>
In-Reply-To: <00f901c38f3f$255e3b30$2001a8c0@potomacdomain.com>
Errors-To: owner-nanog-outgoing@merit.edu
Cant speak for others, but the server that was blocked for us by Yahoo! is
ACL'd by IP address. It would be very helpful if the Yahoo! folk could
post an official explanation as to what happened so we can pass it on to
our customers. e.g. a URL somewhere on Yahoo! ?
---Mike
At 10:59 AM 10/10/2003, Bob German wrote:
>A colleague informed me this morning that Alan Ralsky is doing widespread
>bruteforce attacks on SMTP AUTH, and they are succeeding, mainly because
>it's quick, painless (for him), and servers and IDS signatures don't
>generally offer protection against them.
>
>Could this be why everyone's locking up their mail servers all of a sudden?
>
>Does anyone know of a way to stop them?
>
>Bob
