Security Incidents mailing list archives
email address probes
From: Andy Bastien <lists+incidents () yuggoth net>
Date: Wed, 5 Feb 2003 20:54:19 +0000
Where I work, we've getting lots of attempts to send email to random addresses at our domain. All of these attempts have been coming from valid servers operated by AOL, MSN, and Hotmail. I'm guessing that this is an attempt to find some spam targets, although I suppose that there could be something worse in store. I'd like to be able to stop these attempts, but I can't think of a way to do it. All of the attempts are coming from valid servers from some domains that we can't block. They do all have null reverse-paths (MAIL FROM:<>), but I don't think that we can reject on this criteria as null reverse-paths are used to send NDRs and other notifications which we don't want to block. I suppose that we could accept the emails and dump them to /dev/null (or to some tarpit account so that we can inspect them) instead of replying with a "550 User unknown," but I suspect that this could cause us more headaches in the future. Does anyone have any suggestions as to how we could handle this problem? ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- email address probes Andy Bastien (Feb 05)
- Re: email address probes Kee Hinckley (Feb 06)
- Re: email address probes Brad Arlt (Feb 06)
- Re: email address probes james (Feb 06)
- Re: email address probes Brad Arlt (Feb 07)
- Re: email address probes Greg A. Woods (Feb 06)
- Re: email address probes Axel Beckert - ecos gmbh (Feb 06)
- RE: email address probes Rob Shein (Feb 07)
- Re: email address probes Axel Beckert - ecos gmbh (Feb 06)
- Re: email address probes Dave Laird (Feb 06)
- Re: email address probes Ned Fleming (Feb 06)
- Re: email address probes Andy Bastien (Feb 07)
(Thread continues...)