Garrett Sinfield wrote: > Actually, what you said about poisoning their spamlist would make for a > entertaining read. Perhaps I'll set this up sometime :) If you do so, I would advise only trying this on a honeypot for a domain that you never intend to use for real e-mail[0]. Back when SMTP dictionary attacks first emerged, setting a 'nobody' alias would effectively foil them. In fact, the first pieces of ratware specifically checked for a random string, and if it was accepted would terminate the attack under assumption that no useful data could be stolen. Times have changed, and from what I can tell, no one does this anymore. Then spammers don't care. If their 'dictionary' has a million possible combinations, and you give it a million possible hits, look for regular (daily) spam runs attempting to deliver a million pieces of spam to you. Setting up a nobody alias is a sure way to permanently taint the domain behind it. Mike [0] Now, poisoning the spam harvest database using a throwaway domain, and then pointing an MX record for it to localhost sounds like fun ;) ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
This archive was generated by hypermail 2b30 : Fri Mar 07 2003 - 07:40:22 PST