Re: Discovering users by RCPT TO

From: Vince Hoang (vince@litrium.com)
Date: Thu Jan 13 2005 - 18:20:15 EST

• Next message: Martin Bernhard: "question regarding w3who.dll bug"
• Previous message: Faisal Khan: "DoS/DDoS Attack"
• In reply to: Chris Buechler: "Re: Discovering users by RCPT TO"
• Next in thread: dmz: "Re: Discovering users by RCPT TO"
• Reply: dmz: "Re: Discovering users by RCPT TO"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Thu, Jan 13, 2005 at 02:20:12PM -0500, Chris Buechler wrote:
> I'd recommend disabling it unless you get flooded by such spam
> attacks. I would probably consider it unnecessary information
> disclosure, depending on the environment and reason (if any)
> for doing it that way.

Some MTAs allow permit you to drop the session after a certain
number of failures, but that only slows down the dictionary
attacks.

You cannot disable RCPT TO because that is how the SMTP protocol
designates the recipients.

-Vince

• Next message: Martin Bernhard: "question regarding w3who.dll bug"
• Previous message: Faisal Khan: "DoS/DDoS Attack"
• In reply to: Chris Buechler: "Re: Discovering users by RCPT TO"
• Next in thread: dmz: "Re: Discovering users by RCPT TO"
• Reply: dmz: "Re: Discovering users by RCPT TO"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:13 EDT