North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: New mail blocks result of Ralsky's latest attacks?
He grabbed a couple of our customers' IMAIL servers, and I'm pretty sure discovered a few weak passwords by brute force. Bob -----Original Message----- From: Suresh Ramasubramanian [mailto:[email protected]] Sent: Friday, October 10, 2003 11:27 AM To: Brian Bruns Cc: Bob German; [email protected] Subject: Re: New mail blocks result of Ralsky's latest attacks? Brian Bruns writes on 10/10/2003 8:42 PM: > Tis one of the reasons why I've disabled SMTP AUTH on all of my > servers > for now. I've known about this for a few weeks now. Its not > surprising. Most of the servers cracked are Exchange servers (probably > thanks to weak passwords), but I still don't feel like taking a chance. Exchange (and MDaemon) seem to be targeted extensively - they have admin:admin and guest:guest type default accounts that, if they aren't locked down, can be used to AUTH and send out mail. -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
|