[Mimedefang] Tarpit for dictionary attacks
Jeffrey Goldberg
jeffrey at goldmark.org
Wed May 21 03:12:00 EDT 2003
On Wed, 21 May 2003 listuser at numbnuts.net wrote:
> > [...] If you look at logs you
> > will see that a dictionary attack usually begins with
> >
> > RCPT TO:<some-unlikely-string at your.dom.ain>
> >
> >
> > If that gets accepted the probe will figure that you catch everything for
> > your domain.
>
> This would be a problem.
Yup. Right now I'm looking at the logs of something that started with
849T28126H187962bfb
Then tried
kelly
robin
ryan
art
er
It gave up quickly because I had sendmail's throttling of this turned on.
Otherwise it would have gone through scores of guesses per second.
-j
--
Jeffrey Goldberg http://www.goldmark.org/jeff/
Relativism is the triumph of authority over truth, convention over justice
Hate spam? Boycott MCI! http://www.goldmark.org/jeff/anti-spam/mci/
More information about the MIMEDefang
mailing list