Incomplete mail sessions, i.e. HELO, MAIL FROM:, RCPT TO: followed by either cutting the connection or QUIT or RSET is also a known method of probing for valid aliases or user names. It almost always works even if the VRFY, EXPN and other more obvious methods have been disabled. It also tends to avoid null mail session detectora. I have used this method more than once to find out if abuse@<domain> exists or not (and almost always throw in a known invalid name to see if the method works). The same method could be abused to probe for valid user names and that sort of thing. -- Duncan (-: "software industry, the: unique industry where selling substandard goods is legal and you can charge extra for fixing the problems." ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Nov 14 2001 - 13:03:27 PST