North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: New mail blocks result of Ralsky's latest attacks?

  • From: Brian Bruns
  • Date: Fri Oct 10 11:15:44 2003

Title: Message
Tis one of the reasons why I've disabled SMTP AUTH on all of my servers for now.  I've known about this for a few weeks now.  Its not surprising.  Most of the servers cracked are Exchange servers (probably thanks to weak passwords), but I still don't feel like taking a chance.
 
Exchage does a horrible job of logging, which is why they are probably being targeted.  Most real SMTP servers (sendmail, exim, postfix, qmail) log failed attempts in the maillog or via PAM (if they use it).
 
--------------------------
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.2mbit.com
ICQ: 8077511
----- Original Message -----
From: Bob German
Sent: Friday, October 10, 2003 10:59 AM
Subject: New mail blocks result of Ralsky's latest attacks?

A colleague informed me this morning that Alan Ralsky is doing widespread bruteforce attacks on SMTP AUTH, and they are succeeding, mainly because it's quick, painless (for him), and servers and IDS signatures don't generally offer protection against them.
 
Could this be why everyone's locking up their mail servers all of a sudden?
 
Does anyone know of a way to stop them?
 
Bob