[9896] in bugtraq
Re: SMTP server account probing
daemon@ATHENA.MIT.EDU (Alexander Bochmann)
Fri Mar 12 15:06:13 1999
Date: Wed, 10 Mar 1999 21:42:44 +0100
Reply-To: Alexander Bochmann <bochmann@INFRA.DE>
From: Alexander Bochmann <bochmann@INFRA.DE>
X-To: Scott Fendley <dsf@comp.uark.edu>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.GSO.3.96.990309161103.400N-100000@enigma.uark.edu>; from
Scott Fendley on Tue, Mar 09, 1999 at 04:16:13PM -0600
Hi,
...on Tue, Mar 09, 1999 at 04:16:13PM -0600, Scott Fendley wrote:
> Couldn't you just compile sendmail with tcp_wrapper support, and have a
> script parsing your logs so that if someone manages to get n # of pokes at
> your system then their IP address and/or DNS server will be placed in the
> hosts.deny.
Perhaps Spamshield could be enhanced to solve this problem.
http://www.abest.com/~kai/spamshield.html
Even if the detection is adapted, it would probably only work after the first
attack though, as it seems sendmail doesn't log the attacking host's name
before the connection is closed when no data is sent.
Alex.
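
The log-parsing idea from the quoted suggestion, sketched as an added example that is not part of the original message or of Spamshield: count failed-recipient events per client inside a sliding window and emit hosts.deny entries for tcp_wrappers. The log line format, the event names and the function names are assumptions made for illustration (real sendmail syslog lines look different), and lines are assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input in a simplified, hypothetical format:
# "<ISO timestamp> <client IP> <event>". Not real sendmail output.
SAMPLE_LOG = """\
1999-03-09T16:00:01 198.51.100.7 user-unknown
1999-03-09T16:00:20 203.0.113.5 user-unknown
1999-03-09T16:00:40 198.51.100.7 user-unknown
1999-03-09T16:01:00 192.0.2.25 user-unknown
1999-03-09T16:01:05 192.0.2.25 user-unknown
1999-03-09T16:01:10 192.0.2.25 user-unknown
1999-03-09T16:01:30 198.51.100.7 accepted
1999-03-09T16:01:45 198.51.100.7 user-unknown
1999-03-09T16:30:00 203.0.113.5 user-unknown
garbage line
1999-03-09T17:00:00 203.0.113.5 user-unknown
"""

LINE_RE = re.compile(r"^(\S+) (\d{1,3}(?:\.\d{1,3}){3}) (\S+)$")
PROBE_EVENTS = {"user-unknown"}  # hypothetical event name for a failed lookup


def hosts_to_deny(log_text, threshold=3, window=timedelta(minutes=5), allow=()):
    """Return client IPs with >= threshold probe events inside one window."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3) not in PROBE_EVENTS:
            continue  # skip malformed lines and normal deliveries
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in allow or ip in flagged:
            continue  # never block known relays; report each host once
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # drop events that fell out of the window
        if len(q) >= threshold:
            flagged.append(ip)
    return flagged


def deny_lines(ips, daemon="sendmail"):
    """Format entries in hosts.deny 'daemon_list : client_list' syntax."""
    return [f"{daemon}: {ip}" for ip in ips]


if __name__ == "__main__":
    print("\n".join(deny_lines(hosts_to_deny(SAMPLE_LOG, allow={"192.0.2.25"}))))
```

A host is only flagged once its own events have been logged, which matches the caveat above that blocking of this kind takes effect after the first attack.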