Incidents
Bruteforce attack against smtp-auth Jan 09 2007 02:08PM
Philipp Frik (Philipp Frik physik lmu de) (1 replies)
Re: Bruteforce attack against smtp-auth Jan 10 2007 06:14PM
mgotts 2roads com (1 replies)
> this day i've seen that somebody from China had tried to get an smtp
> login om a server. This was the first time i've seen something like
> this, bruteforce against ssh i've seen often but never against the
> mailserver. Now i'm interresed in if there a more people out there with
> similar experience an is there an suggestion to deal with this way of
hacks?

I've not experienced this myself, since we don't use SMTP Auth, but it has
been going on for years. I did a quick Google search on "smtp auth attack"
and found lots of relevant hits, including how to secure a Postfix mail
server against it (http://www.thecabal.org/~devin/postfix/smtp-auth.txt),
a general description of the problem and some simple countermeasures (
http://www.vamsoft.com/authattack.asp), etc.

I did have to allow smtp relays for a remote office some years ago, and in
addition to implementing smtp auth I also restricted relaying to
particular IPs and/or subnets. Not a perfect solution, but it prevents any
attacks on the smtp auth mechanism from outside those IPs.

-- Mark

[ reply ]
Re: Bruteforce attack against smtp-auth Jan 12 2007 02:34PM
Peter Morgan (peterjmorgan gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus