Re: SMTP server account probing

From: James Lick (James.Lickat_private)
Date: Tue Mar 09 1999 - 18:48:44 PST

Next message: Frank Miller: "SMTP Abuse - Extracted domains from glpro.exe application"

Previous message: John D. Hardin: "Re: Linux Blind TCP Spoofing"
Maybe in reply to: Brett Glass: "SMTP server account probing"
Next in thread: Tobias J. Kreidl: "Re: SMTP server account probing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 9 Mar 1999, David Gale wrote:
> Using /usr/dict/words on my linux box and the TCL code below I ran this
> attack against a sendmail (8.9.2) mailserver which uses virtual user
> tables and a lengthy aliases database.

The way your code is implemented, you send a RCPT and wait for a response
before sending the next RCPT.  Due to latency, this algorithm is very
inefficient and results in not much load on the server.  The "attack" in
question does not pause between RCPT commands, but rather sends them as
fast as possible and looks at the results later.  Also it tries quite a
bit more the few thousand words in /usr/dict/words.

Jim Lick

Next message: Frank Miller: "SMTP Abuse - Extracted domains from glpro.exe application"
Previous message: John D. Hardin: "Re: Linux Blind TCP Spoofing"
Maybe in reply to: Brett Glass: "SMTP server account probing"
Next in thread: Tobias J. Kreidl: "Re: SMTP server account probing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:36 PDT