[63806] in North American Network Operators' Group
Re: New mail blocks result of Ralsky's latest attacks?
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Fri Oct 10 11:33:15 2003
Date: Fri, 10 Oct 2003 20:57:06 +0530
From: Suresh Ramasubramanian <suresh@outblaze.com>
To: Brian Bruns <bruns@2mbit.com>
Cc: Bob German <bobgerman@irides.com>, nanog@merit.edu
In-Reply-To: <007401c38f40$f9818600$cf90b93f@2mbit.com>
Errors-To: owner-nanog-outgoing@merit.edu
Brian Bruns writes on 10/10/2003 8:42 PM:
> Tis one of the reasons why I've disabled SMTP AUTH on all of my servers
> for now. I've known about this for a few weeks now. Its not
> surprising. Most of the servers cracked are Exchange servers (probably
> thanks to weak passwords), but I still don't feel like taking a chance.
Exchange (and MDaemon) seem to be targeted extensively - they have
admin:admin and guest:guest type default accounts that, if they aren't
locked down, can be used to AUTH and send out mail.
--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations
