[9851] in bugtraq
Re: SMTP server account probing
daemon@ATHENA.MIT.EDU (GvS)
Tue Mar 9 13:33:29 1999
X-Envelope-To: <BUGTRAQ@NETSPACE.ORG>
Date: Tue, 9 Mar 1999 20:58:25 +0300
Reply-To: GvS <gvs@RINET.RU>
From: GvS <gvs@RINET.RU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <4.1.19990308115212.041b17b0@localhost>
Hi there!
On Mon, 8 Mar 1999, Brett Glass wrote:
BG> In this attack, an SMTP server is probed for common names, presumably
BG> so that spam can then be targeted at them. The attacking machine
BG> connects and issues hundreds of RCPT TO: commands, searching a long
BG> list of common user names (e.g. susan) for ones that don't cause
BG> errors. It then compiles a list of target addresses to spam.
The most common protection method against this attack is to restrict
the number of recipients per message as defined in sendmail.cf:
O MaxRecipientsPerMessage=NN
It doesn't protect from name probing, but protects from overhead in
conjunction with O ConnectionRateThrottle and O MaxDaemonChildren
options.
BG> I'm surprised that I haven't seen this one on the Bugtraq list yet.
I do not think it's a bugtraq issue really. This attack can easily be
prevented with configuration methods.
SY, Seva Gluschenko, just stranger at the Road.
GVS-RIPE: Cronyx Plus / RiNet network administrator.
--- IRC: erra
* Origin: Erra Netmale (gvs@rinet.ru) [http://gvs.rinet.ru/]
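
Added example (not part of the original message, and not sendmail code): since the recipient cap discussed above does not stop name probing, a mail administrator can look for it in SMTP transcripts by counting rejected RCPT TO commands per client. The transcript format, thresholds, function names and addresses below are assumptions constructed for this sketch.

```python
import re
from collections import defaultdict

RCPT_RE = re.compile(r"^RCPT TO:\s*<([^>]+)>", re.IGNORECASE)

def build_sample_log():
    """Constructed transcript in a made-up '<client> <C|S>: <text>' format."""
    lines = []
    # 198.51.100.7 walks a list of common names; only 'susan' exists.
    for name in ["adam", "bob", "carol", "dave", "eve", "susan", "tom", "zoe"]:
        lines.append(f"198.51.100.7 C: RCPT TO:<{name}@example.org>")
        reply = "250 ok" if name == "susan" else "550 user unknown"
        lines.append(f"198.51.100.7 S: {reply}")
    # 192.0.2.10 is an ordinary sender with one mistyped address.
    for name, reply in [("susan", "250 ok"), ("suzan", "550 user unknown")]:
        lines.append(f"192.0.2.10 C: RCPT TO:<{name}@example.org>")
        lines.append(f"192.0.2.10 S: {reply}")
    return lines

def find_probers(lines, min_rejects=5, min_reject_ratio=0.7):
    """Return {client: [addresses the server confirmed to that client]}
    for clients whose RCPT TO commands were mostly rejected."""
    pending = {}  # client -> recipient still waiting for the server reply
    stats = defaultdict(lambda: {"ok": [], "rejected": 0})
    for line in lines:
        client, direction, text = line.split(" ", 2)
        if direction == "C:":
            m = RCPT_RE.match(text)
            pending[client] = m.group(1).lower() if m else None
        elif direction == "S:" and pending.get(client):
            rcpt = pending.pop(client)
            if text.startswith("250"):
                stats[client]["ok"].append(rcpt)
            elif text.startswith("55"):  # permanent rejection, e.g. unknown user
                stats[client]["rejected"] += 1
    report = {}
    for client, s in stats.items():
        total = len(s["ok"]) + s["rejected"]
        if s["rejected"] >= min_rejects and s["rejected"] / total >= min_reject_ratio:
            # Accepted addresses are the accounts this client now knows exist.
            report[client] = sorted(set(s["ok"]))
    return report

if __name__ == "__main__":
    for client, exposed in find_probers(build_sample_log()).items():
        print(client, "probed for names; confirmed:", ", ".join(exposed))
```

The addresses listed for a flagged client are the ones it learned are valid, which tells the administrator which accounts to expect spam on.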