Re: Discovering users by RCPT TO

From: Matan Peled (chaosite@gmail.com)
Date: Sat Jan 15 2005 - 03:35:19 EST


dmz wrote:
> I see spammers hitting my MTA daily with dictionary RCPT TO queries
> and there isn't much you can really do against it; however I have been
> thinking about a solution using real time blockers.
>
> The idea is to monitor the logfile of the MTA, looking for a host
> getting more than "X" failed destination addresses (I think 2 or 3 is
> a nice entry threshold). Then when they reach the threshold their IP
> gets put into a local DNS server that is used by the MTA as a real
> time blocker.
>
> This wouldn't require more than another RBL addition to the MTA and
> then an external script tied to either bind or djbdns.
>
> thoughts?
> dmz

But wouldn't that be vulnerable to a DoS attack, i.e. spoofing the IP and denying
service to legitimate clients?

-- 
[Name      ]   ::  [Matan I. Peled    ]
[Location  ]   ::  [Israel            ]
[Public Key]   ::  [0xD6F42CA5        ]
[Keyserver ]   ::  [keyserver.kjsl.com]
encrypted/signed  plain text  preferred
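
The log-watching scheme proposed in the quoted message, sketched as an added example that is not part of the original thread. Assumptions: the log lines are constructed and modeled on Postfix's reject format (the thread names no MTA), the zone records use BIND syntax with the conventional 127.0.0.2 answer, and the function names, allowlist and TTL are hypothetical. It counts distinct unknown recipients per client rather than raw rejects, so a host retrying one mistyped address is not listed.

```python
import re
from collections import defaultdict

# Constructed sample log, modeled on Postfix smtpd reject lines (assumption:
# the thread names no MTA). Addresses are documentation ranges.
SAMPLE_LOG = """\
Jan 15 03:10:01 mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <aaron@example.org>: User unknown
Jan 15 03:10:02 mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <abby@example.org>: User unknown
Jan 15 03:10:03 mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <adam@example.org>: User unknown
Jan 15 03:11:40 mx postfix/smtpd[412]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 550 5.1.1 <bob@example.org>: User unknown
Jan 15 03:19:12 mx postfix/smtpd[415]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 550 5.1.1 <Bob@example.org>: User unknown
Jan 15 03:20:00 mx postfix/smtpd[416]: connect from relay.example.com[203.0.113.5]
Jan 15 03:20:01 mx postfix/smtpd[416]: NOQUEUE: reject: RCPT from relay.example.com[203.0.113.5]: 550 5.1.1 <x1@example.org>: User unknown
Jan 15 03:20:02 mx postfix/smtpd[416]: NOQUEUE: reject: RCPT from relay.example.com[203.0.113.5]: 550 5.1.1 <x2@example.org>: User unknown
Jan 15 03:20:03 mx postfix/smtpd[416]: NOQUEUE: reject: RCPT from relay.example.com[203.0.113.5]: 550 5.1.1 <x3@example.org>: User unknown
"""

# Client IP and the rejected recipient from a "user unknown" (550 5.1.1) line.
REJECT = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]: "
    r"550 5\.1\.1 <(?P<rcpt>[^>]+)>")

THRESHOLD = 3   # the proposal suggests 2 or 3 failed addresses
TTL = 3600      # assumption: listings expire after an hour

def offenders(log_text, threshold=THRESHOLD, allowlist=()):
    """Return client IPs that hit `threshold` distinct unknown recipients."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m and m["ip"] not in allowlist:
            # A set per IP: repeats of one bad address count once.
            seen[m["ip"]].add(m["rcpt"].lower())
    return sorted(ip for ip, rcpts in seen.items() if len(rcpts) >= threshold)

def dnsbl_records(ips, ttl=TTL):
    """Render DNSBL zone lines: octets reversed, relative to the zone origin."""
    return [f"{'.'.join(reversed(ip.split('.')))} {ttl} IN A 127.0.0.2"
            for ip in ips]

if __name__ == "__main__":
    # Known relays (hypothetical allowlist entry) are never listed.
    for record in dnsbl_records(offenders(SAMPLE_LOG, allowlist={"203.0.113.5"})):
        print(record)
```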
