Security Incidents mailing list archives
Re: Strange SMTP Garbage Flood
From: Duncan Simpson <dps () io stargate co uk>
Date: Wed, 14 Nov 2001 16:49:35 +0000
Incomplete mail sessions, i.e. HELO, MAIL FROM:, RCPT TO: followed by either cutting the connection or QUIT or RSET is also a known method of probing for valid aliases or user names. It almost always works even if the VRFY, EXPN and other more obvious methods have been disabled. It also tends to avoid null mail session detectora. I have used this method more than once to find out if abuse@<domain> exists or not (and almost always throw in a known invalid name to see if the method works). The same method could be abused to probe for valid user names and that sort of thing. -- Duncan (-: "software industry, the: unique industry where selling substandard goods is legal and you can charge extra for fixing the problems." ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Strange SMTP Garbage Flood Mike Tibor (Nov 13)
- Re: Strange SMTP Garbage Flood macdaddy (Nov 13)
- Re: Strange SMTP Garbage Flood Duncan Simpson (Nov 14)
- Re: Strange SMTP Garbage Flood Johannes Verelst (Nov 14)
- Re: Strange SMTP Garbage Flood Duncan Simpson (Nov 14)
- Re: Strange SMTP Garbage Flood macdaddy (Nov 13)