Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Bruteforce attack against smtp-auth

from [Peter Morgan] Network Security [Permanent Link]
Subject: Re: Bruteforce attack against smtp-auth
Date: Fri, 12 Jan 2007 08:34:00 -0600 
Medusa from foofus.net can do bruting against smtp-auth.  Its possible
they could be using that.

-Pete

On 1/10/07, mgotts@2roads.com <mgotts@2roads.com> wrote: 
> this day i've seen that somebody from China had tried to get an smtp
> login om a server. This was the first time i've seen something like
> this, bruteforce against ssh i've seen often but never against the
> mailserver. Now i'm interresed in if there a more people out there with
> similar experience an is there an suggestion to deal with this way of
hacks?

I've not experienced this myself, since we don't use SMTP Auth, but it has
been going on for years. I did a quick Google search on "smtp auth attack"
and found lots of relevant hits, including how to secure a Postfix mail
server against it (http://www.thecabal.org/~devin/postfix/smtp-auth.txt),
a general description of the problem and some simple countermeasures (
http://www.vamsoft.com/authattack.asp), etc.

I did have to allow smtp relays for a remote office some years ago, and in
addition to implementing smtp auth I also restricted relaying to
particular IPs and/or subnets. Not a perfect solution, but it prevents any
attacks on the smtp auth mechanism from outside those IPs.

-- Mark


[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Bruteforce attack against smtp-auth, mgotts
Next by Date:  UK computer crime contact?, Z
Previous by Thread:  Re: Bruteforce attack against smtp-auth, mgotts
Next by Thread:  UK computer crime contact?, Z
Indexes:  [Date] [Thread] [Top] [All Lists]