On Tue, 9 Mar 1999, David Gale wrote: > Using /usr/dict/words on my linux box and the TCL code below I ran this > attack against a sendmail (8.9.2) mailserver which uses virtual user > tables and a lengthy aliases database. The way your code is implemented, you send a RCPT and wait for a response before sending the next RCPT. Due to latency, this algorithm is very inefficient and results in not much load on the server. The "attack" in question does not pause between RCPT commands, but rather sends them as fast as possible and looks at the results later. Also it tries quite a bit more the few thousand words in /usr/dict/words. Jim Lick
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:36 PDT