[9874] in bugtraq
Re: SMTP server account probing
daemon@ATHENA.MIT.EDU (James Lick)
Wed Mar 10 13:32:33 1999
Date: Tue, 9 Mar 1999 18:48:44 -0800
Reply-To: James Lick <James.Lick@CORP.SUN.COM>
From: James Lick <James.Lick@CORP.SUN.COM>
X-To: David Gale <dgale@DATAPEX.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.4.04.9903091254290.512-100000@bummer.datapex.com>
On Tue, 9 Mar 1999, David Gale wrote:
> Using /usr/dict/words on my linux box and the TCL code below I ran this
> attack against a sendmail (8.9.2) mailserver which uses virtual user
> tables and a lengthy aliases database.
The way your code is implemented, you send a RCPT and wait for a response
before sending the next RCPT.  Due to latency, this algorithm is very
inefficient and results in not much load on the server.  The "attack" in
question does not pause between RCPT commands, but rather sends them as
fast as possible and looks at the results later.  Also it tries quite a
bit more than the few thousand words in /usr/dict/words.
Jim Lick
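
Added example, not part of the original message and not sendmail code: a detection routine that counts rejected RCPT commands per SMTP session and uses the gap between commands to tell the wait-for-each-reply pattern from the back-to-back pattern described above. The event layout, session ids, thresholds and function names are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample events: "<epoch seconds> <session id> <recipient> <reply code>".
# This layout is assumed for the example; it is not sendmail's log format.
SAMPLE = """\
921033000.00 s1 alice 250
921033004.10 s1 aardvark 550
921033009.30 s1 abacus 550
921033014.20 s1 abandon 550
921033100.00 s2 aardvark 550
921033100.01 s2 abacus 550
921033100.02 s2 abandon 550
921033100.03 s2 bob 250
921033100.04 s2 abbey 550
921033100.05 s2 abbot 550
921033200.00 s3 carol 250
921033201.00 s3 carrol 550
"""

def parse(text):
    """Group (timestamp, reply code) pairs by session id."""
    sessions = defaultdict(list)
    for line in filter(str.strip, text.splitlines()):
        ts, sid, _rcpt, code = line.split()
        sessions[sid].append((float(ts), int(code)))
    return sessions

def classify(events, min_rejects=3, burst_gap=0.5):
    """Label one session from its RCPT reject count and median command gap."""
    events = sorted(events)
    rejects = sum(1 for _, code in events if 500 <= code < 600)
    if rejects < min_rejects:
        return "ok"  # an occasional mistyped recipient is normal
    gaps = sorted(b[0] - a[0] for a, b in zip(events, events[1:]))
    median = gaps[len(gaps) // 2]
    return "pipelined-probe" if median < burst_gap else "lockstep-probe"

def report(text=SAMPLE):
    return {sid: classify(ev) for sid, ev in parse(text).items()}

if __name__ == "__main__":
    for sid, label in sorted(report().items()):
        print(sid, label)
```

Both probe labels indicate recipient guessing; the pipelined one is the case that also puts real load on the server, so it is the one worth rate-limiting first.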