Network Security: Detailed info on Re: Discovering users by RCPT TO

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Pen-Test

[Top] [All Lists]

Re: Discovering users by RCPT TO

from [Matan Peled] Network Security

[Permanent Link]

Subject:	Re: Discovering users by RCPT TO
Date:	Sat, 15 Jan 2005 10:35:19 +0200

dmz wrote:

I see spammers hitting my MTA daily with dictionary RCTP TO queries
and there isn't much you can really do against it; however I have been
thinking about a solution using real time blockers.

The idea is to monitor the logfile of the MTA, looking for a host
getting more than "X" failed destination addresses (I think 2 or 3 is
a nice entry threshold). Then when they reach the threshold their IP
gets put into a local DNS server that is used by the MTA to as a real
time blocker.

This wouldn't' require more than another RBL addition to the MTA and
then an external script tied to either bind or djbdns.

thoughts?
dmz

But wouldn't that be vulnerable to a DoS attack, IE spoofing the IP and denying service to legitimate clients?

--
[Name      ]   ::  [Matan I. Peled    ]
[Location  ]   ::  [Israel            ]
[Public Key]   ::  [0xD6F42CA5        ]
[Keyserver ]   ::  [keyserver.kjsl.com]
encrypted/signed  plain text  preferred

signature.asc
Description: OpenPGP digital signature

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Discovering users by RCPT TO, Andres Molinetti Re: Discovering users by RCPT TO, GuidoZ Re: Discovering users by RCPT TO, Martin Fallon Re: Discovering users by RCPT TO, Kiril Todorov Re: Discovering users by RCPT TO, Chris Buechler Re: Discovering users by RCPT TO, Jay D. Dyson Re: Discovering users by RCPT TO, Vince Hoang Re: Discovering users by RCPT TO, dmz Re: Discovering users by RCPT TO, Matan Peled <= Re: Discovering users by RCPT TO, Faisal Khan RE: Discovering users by RCPT TO, Bassett, Mark Re: Discovering users by RCPT TO, Baltasar Cevc Re: Discovering users by RCPT TO, Tobias Glemser Re: Discovering users by RCPT TO, Marco Ivaldi

Previous by Date:	RE: DoS/DDoS Attack, Josh Walkson
Next by Date:	RE: DoS/DDoS Attack, Alex R
Previous by Thread:	Re: Discovering users by RCPT TO, dmz
Next by Thread:	Re: Discovering users by RCPT TO, Faisal Khan
Indexes:	[Date] [Thread] [Top] [All Lists]