Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Linux
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: spambots and dictionary attacks

from [Ansgar -59cobalt- Wiechers] Network Security [Permanent Link]
Subject: Re: spambots and dictionary attacks
Date: Thu, 23 Nov 2006 19:01:09 +0100 
On 2006-11-22 Kurt Seifried wrote:

Greylisting is a two-edged sword, though, that may not only cause
noticable delays in mail delivery, but also legit mails to be
rejected.


Only for the first email if the greylisting system has any sense (i.e.
OpenBSD's spamd),


I'm not familiar with OpenBSD. How does its spamd work? Does it
whitelist hosts that have re-send a greylisted mail?


plus most allow whitelisting.


You can only whitelist what you know about, so there's still the
possibility of legit mail being rejected.


Not to mention that it'll stop working as soon as it's being used
widely enough to make adjusting to it worthwhile to spammers.


Sure and then the hosts are behaving like real email servers which is
vastly more expensive (computationally/etc.) than just blasting stuff
out.


True. But since botnets are cheap: why would a spammer care?

Don't get me wrong: I'm not advocating against greylisting here (though
personally I prefer to avoid it), I'm just pointing out that it's not a
silver bullet.

Regards
Ansgar
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: spambots and dictionary attacks, Devdas Bhagat
Next by Date:  How to check UID of process on the other side of local TCP/UDP connection, rainmailbox2001-ola
Previous by Thread:  Re: spambots and dictionary attacks, Devdas Bhagat
Next by Thread:  Re: spambots and dictionary attacks, rowland onobrauche
Indexes:  [Date] [Thread] [Top] [All Lists]