nanog mailing list archives

Re: New mail blocks result of Ralsky's latest attacks?


From: "Brian Bruns" <bruns () 2mbit com>
Date: Fri, 10 Oct 2003 11:12:31 -0400

Tis one of the reasons why I've disabled SMTP AUTH on all of my servers for now.  I've known about this for a 
few weeks now.  It's not surprising.  Most of the servers cracked are Exchange servers (probably thanks to weak 
passwords), but I still don't feel like taking a chance.

Exchange does a horrible job of logging, which is why they are probably being targeted.  Most real SMTP servers 
(sendmail, exim, postfix, qmail) log failed attempts in the maillog or via PAM (if they use it).

--------------------------
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.2mbit.com
ICQ: 8077511
  ----- Original Message ----- 
  From: Bob German 
  To: nanog () merit edu 
  Sent: Friday, October 10, 2003 10:59 AM
  Subject: New mail blocks result of Ralsky's latest attacks?


  A colleague informed me this morning that Alan Ralsky is doing widespread bruteforce attacks on SMTP AUTH, and they
  are succeeding, mainly because it's quick, painless (for him), and servers and IDS signatures don't generally offer
  protection against them.

  Could this be why everyone's locking up their mail servers all of a sudden?

  Does anyone know of a way to stop them?

  Bob
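
Added example, not part of the original thread: the failed-attempt entries mentioned above can be counted per client address to spot SMTP AUTH password guessing. It assumes Postfix's syslog format for SASL failures; the sample lines, the threshold, the window and the year (syslog timestamps carry none) are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample maillog (Postfix syslog format); addresses are documentation ranges.
_FAIL = "SASL LOGIN authentication failed: authentication failure"
SAMPLE_LOG = "\n".join(
    [f"Oct 10 10:58:{s:02d} mx1 postfix/smtpd[2211]: warning: unknown[203.0.113.7]: {_FAIL}"
     for s in range(0, 12, 2)]                      # 6 failures in 10 seconds
    + [f"Oct 10 10:40:00 mx1 postfix/smtpd[2190]: warning: unknown[198.51.100.20]: {_FAIL}",
       f"Oct 10 11:10:00 mx1 postfix/smtpd[2305]: warning: unknown[198.51.100.20]: {_FAIL}",
       "Oct 10 11:11:00 mx1 postfix/smtpd[2306]: connect from unknown[192.0.2.9]"]
)

FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[\d+\]:\s"
    r"warning:\s\S*\[(?P<ip>[0-9a-fA-F.:]+)\]:\sSASL\s\S+\sauthentication failed"
)

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=1), year=2003):
    """Return {ip: peak failure count inside any sliding window} for IPs at or over threshold."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # not a SASL failure line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        failures[m["ip"]].append(ts)

    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            # Shrink the window from the left until it spans at most `window`.
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

if __name__ == "__main__":
    for ip, count in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed AUTH attempts within one minute")
```
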
