Hi there!

On Mon, 8 Mar 1999, Brett Glass wrote:

BG> In this attack, an SMTP server is probed for common names, presumably
BG> so that spam can then be targeted at them. The attacking machine
BG> connects and issues hundreds of RCPT TO: commands, searching a long
BG> list of common user names (e.g. susan) for ones that don't cause
BG> errors. It then compiles a list of target addresses to spam.

The most common protection method against this attack is to restrict the number of recipients per message as defined in sendmail.cf:

O MaxRecipientsPerMessage=NN

It doesn't protect from name probing, but protects from overhead in conjunction with O ConnectionRateThrottle and O MaxDaemonChildren options.

BG> I'm surprised that I haven't seen this one on the Bugtraq list yet.

I do not think it's a bugtraq issue really. This attack can easily be prevented with configuration methods.

SY, Seva Gluschenko, just stranger at the Road.
GVS-RIPE: Cronyx Plus / RiNet network administrator.
--- IRC: erra
 * Origin: Erra Netmale (gvsat_private) [http://gvs.rinet.ru/]
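Since the reply above notes that the recipient limit does not stop the name probing itself, here is one way to spot it from the server side, as an added example that is not part of the original message. The record layout (time, client IP, local part, SMTP reply code), the thresholds and the sample data are constructed assumptions, not sendmail's log format.

```python
from collections import defaultdict, deque

# Constructed sample records: (unix_time, client_ip, rcpt_local_part, reply_code).
# 192.0.2.10 walks a name list; 198.51.100.5 is a normal sender with one typo.
NAMES = ["adam", "bob", "susan", "carol", "dave", "root", "erin", "frank"]
VALID = {"susan", "root"}
SAMPLE = [(1000 + i, "192.0.2.10", n, 250 if n in VALID else 550)
          for i, n in enumerate(NAMES)]
SAMPLE += [(1005, "198.51.100.5", "suzan", 550),
           (1030, "198.51.100.5", "susan", 250)]


def find_probers(records, window=60, max_rejects=5):
    """Flag clients with >= max_rejects rejected RCPT TO within `window` seconds.

    Returns {client_ip: [local parts that were accepted]}, i.e. the addresses
    each flagged client has confirmed and that can expect spam.
    """
    recent = defaultdict(deque)    # ip -> times of recent 5xx RCPT replies
    confirmed = defaultdict(list)  # ip -> local parts answered with 250
    flagged = set()
    for ts, ip, name, code in sorted(records):
        if code == 250:
            confirmed[ip].append(name)
        elif 500 <= code < 600:
            q = recent[ip]
            q.append(ts)
            # Drop rejections that fell out of the sliding window.
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) >= max_rejects:
                flagged.add(ip)
    return {ip: confirmed[ip] for ip in sorted(flagged)}


if __name__ == "__main__":
    for ip, names in find_probers(SAMPLE).items():
        print(f"{ip}: probing suspected, confirmed names: {names}")
```

Counting per client rather than per message matters here: a per-message recipient cap resets with each new message, while the sliding window keeps following the same client.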
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:27 PDT