Penetration Testing mailing list archives
Re: Discovering users by RCPT TO
From: dmz <dmz () dmzs com>
Date: Fri, 14 Jan 2005 08:57:12 -0800
I see spammers hitting my MTA daily with dictionary RCPT TO queries and there isn't much you can really do against it; however, I have been thinking about a solution using real time blockers.

The idea is to monitor the logfile of the MTA, looking for a host getting more than "X" failed destination addresses (I think 2 or 3 is a nice entry threshold). Then when they reach the threshold their IP gets put into a local DNS server that is used by the MTA as a real time blocker.

This wouldn't require more than another RBL addition to the MTA and then an external script tied to either bind or djbdns.

Thoughts?

dmz

Vince Hoang wrote:
|On Thu, Jan 13, 2005 at 02:20:12PM -0500, Chris Buechler wrote:
|
|>I'd recommend disabling it unless you get flooded by such spam
|>attacks. I would probably consider it unnecessary information
|>disclosure, depending on the environment and reason (if any)
|>for doing it that way.
|
|Some MTAs permit you to drop the session after a certain
|number of failures, but that only slows down the dictionary
|attacks.
|
|You cannot disable RCPT TO because that is how the SMTP protocol
|designates the recipients.
|
|-Vince
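The log-watching script proposed in the message above could look like the following. This is an added example, not code from the post. It assumes a Postfix-style reject line, a hypothetical zone name `rcptbl.example.invalid`, the customary 127.0.0.2 DNSBL answer, and that "failed destination addresses" means distinct unknown recipients per client IP.

```python
import ipaddress
import re
from collections import defaultdict

# Postfix-style reject line (assumed format; adapt the regex to your MTA's log).
REJECT_RE = re.compile(r"reject: RCPT from \S*\[(?P<ip>[0-9.]+)\]: 550 [^<]*<(?P<rcpt>[^>]*)>")
ZONE = "rcptbl.example.invalid"  # hypothetical local DNSBL zone queried by the MTA


def offenders(log_lines, threshold=3):
    """Client IPs that hit at least `threshold` distinct unknown recipients."""
    failed = defaultdict(set)
    for line in log_lines:
        m = REJECT_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group("ip"))
        except ValueError:
            continue  # malformed address in the log line
        # A set ignores retries of one address, so a sender's typo is not a scan.
        failed[ip].add(m.group("rcpt").lower())
    return sorted(ip for ip, rcpts in failed.items() if len(rcpts) >= threshold)


def dnsbl_records(ips, zone=ZONE, ttl=3600):
    """BIND-style A records: reversed octets under the zone, answering 127.0.0.2."""
    return [
        f"{'.'.join(reversed(str(ip).split('.')))}.{zone}. {ttl} IN A 127.0.0.2"
        for ip in ips
    ]


# Constructed sample log (documentation address ranges, not real traffic).
_P = ("Jan 14 08:50:0%d mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from unknown[%s]: "
      "550 5.1.1 <%s>: Recipient address rejected: User unknown in local recipient table")
SAMPLE_LOG = [
    _P % (1, "192.0.2.10", "adam@example.com"),
    _P % (2, "192.0.2.10", "alice@example.com"),
    _P % (3, "192.0.2.10", "andrew@example.com"),
    _P % (4, "203.0.113.5", "jon@example.com"),   # same address retried:
    _P % (5, "203.0.113.5", "jon@example.com"),   # counts once, not listed
    _P % (6, "203.0.113.5", "Jon@example.com"),
    "Jan 14 08:50:07 mx postfix/smtpd[411]: 4F1A2: client=unknown[198.51.100.7]",
]

if __name__ == "__main__":
    print("\n".join(dnsbl_records(offenders(SAMPLE_LOG))))
```

Listings should expire (here only through the record TTL and whatever regenerates the zone), since a listed address may later belong to a legitimate sender.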