Medusa from foofus.net can do bruting against smtp-auth. It's possible
they could be using that.
-Pete
On 1/10/07, mgotts (at) 2roads (dot) com <mgotts (at) 2roads (dot) com> wrote:
> > this day I've seen that somebody from China had tried to get an smtp
> > login on a server. This was the first time I've seen something like
> > this, bruteforce against ssh I've seen often but never against the
> > mailserver. Now I'm interested in if there are more people out there with
> > similar experience and is there a suggestion to deal with this way of
> > hacks?
>
> I've not experienced this myself, since we don't use SMTP Auth, but it has
> been going on for years. I did a quick Google search on "smtp auth attack"
> and found lots of relevant hits, including how to secure a Postfix mail
> server against it (http://www.thecabal.org/~devin/postfix/smtp-auth.txt),
> a general description of the problem and some simple countermeasures (
> http://www.vamsoft.com/authattack.asp), etc.
>
> I did have to allow smtp relays for a remote office some years ago, and in
> addition to implementing smtp auth I also restricted relaying to
> particular IPs and/or subnets. Not a perfect solution, but it prevents any
> attacks on the smtp auth mechanism from outside those IPs.
>
> -- Mark
>
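Added example, not part of the thread: one way to review a mail log for the SMTP AUTH guessing discussed above, split by whether the source is inside the subnets allowed to relay. The log lines are constructed in the style of Postfix smtpd SASL warnings; the subnet, threshold and function name are assumptions.

```python
import ipaddress
import re
from collections import Counter

def _line(ip):
    # Constructed sample line, modelled on a Postfix smtpd SASL failure warning.
    return (f"Jan 10 03:12:01 mx postfix/smtpd[2101]: warning: unknown[{ip}]: "
            "SASL LOGIN authentication failed: authentication failure")

# Constructed sample log: two outside sources, two inside the allowed subnet.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7")] * 4 + [_line("198.51.100.20")]
    + [_line("192.0.2.15")] * 3 + [_line("192.0.2.30")]
    + ["Jan 10 03:12:09 mx postfix/smtpd[2101]: connect from unknown[203.0.113.7]"]
)

FAILED = re.compile(
    r"postfix/smtpd\[\d+\]: warning: \S+\[([0-9A-Fa-f.:]+)\]: "
    r"SASL \S+ authentication failed"
)

def failed_auth_report(log_text, allowed_nets, threshold=3):
    """Count failed SMTP AUTH attempts per source address.

    Sources outside allowed_nets are always reported, since no AUTH
    traffic is expected from them. Sources inside are reported only at
    or above threshold (a mistyped password should not raise an alert).
    """
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # bracketed field was not an IP address
    report = {"outside": {}, "inside_over_threshold": {}}
    for ip, n in counts.items():
        if not any(ip in net for net in nets):
            report["outside"][str(ip)] = n
        elif n >= threshold:
            report["inside_over_threshold"][str(ip)] = n
    return report

if __name__ == "__main__":
    print(failed_auth_report(SAMPLE_LOG, ["192.0.2.0/24"]))
```
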