Incidents
Bruteforce attack against smtp-auth Jan 09 2007 02:08PM
Philipp Frik (Philipp Frik physik lmu de) (1 replies)
Re: Bruteforce attack against smtp-auth Jan 10 2007 06:14PM
mgotts 2roads com (1 replies)
Re: Bruteforce attack against smtp-auth Jan 12 2007 02:34PM
Peter Morgan (peterjmorgan gmail com)
Medusa from foofus.net can do bruting against smtp-auth. Its possible
they could be using that.

-Pete

On 1/10/07, mgotts (at) 2roads (dot) com [email concealed] <mgotts (at) 2roads (dot) com [email concealed]> wrote:
> > this day i've seen that somebody from China had tried to get an smtp
> > login om a server. This was the first time i've seen something like
> > this, bruteforce against ssh i've seen often but never against the
> > mailserver. Now i'm interresed in if there a more people out there with
> > similar experience an is there an suggestion to deal with this way of
> hacks?
>
> I've not experienced this myself, since we don't use SMTP Auth, but it has
> been going on for years. I did a quick Google search on "smtp auth attack"
> and found lots of relevant hits, including how to secure a Postfix mail
> server against it (http://www.thecabal.org/~devin/postfix/smtp-auth.txt),
> a general description of the problem and some simple countermeasures (
> http://www.vamsoft.com/authattack.asp), etc.
>
> I did have to allow smtp relays for a remote office some years ago, and in
> addition to implementing smtp auth I also restricted relaying to
> particular IPs and/or subnets. Not a perfect solution, but it prevents any
> attacks on the smtp auth mechanism from outside those IPs.
>
> -- Mark
>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus