'Tis one of the reasons why I've disabled SMTP AUTH on all of my servers for now. I've known about this for a few weeks now. It's not surprising. Most of the servers cracked are Exchange servers (probably thanks to weak passwords), but I still don't feel like taking a chance.

Exchange does a horrible job of logging, which is why they are probably being targeted. Most real SMTP servers (sendmail, exim, postfix, qmail) log failed attempts in the maillog or via PAM (if they use it).
--------------------------
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.2mbit.com
ICQ: 8077511
----- Original Message -----
Sent: Friday, October 10, 2003 10:59 AM
Subject: New mail blocks result of Ralsky's latest attacks?

A colleague informed me this morning that Alan Ralsky is doing widespread bruteforce attacks on SMTP AUTH, and they are succeeding, mainly because it's quick, painless (for him), and servers and IDS signatures don't generally offer protection against them.

Could this be why everyone's locking up their mail servers all of a sudden?

Does anyone know of a way to stop them?
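
Added example, not part of either message in this thread: the reply notes that servers such as postfix log failed AUTH attempts in the maillog, and the sketch below counts those failures per client address in a sliding window. The log line shape (Postfix smtpd "SASL ... authentication failed" warnings), the threshold, the window, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed Postfix smtpd line shape for a failed SASL login (syslog timestamp, no year).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: \S*\[(?P<ip>[^\]]+)\]: SASL \S+ authentication failed"
)

def brute_force_sources(lines, threshold=5, window=timedelta(seconds=60), year=2003):
    """Return {ip: time the threshold was first crossed} for clients with at
    least `threshold` failed AUTH attempts inside any sliding `window`."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # not a failed-AUTH line (connects, deliveries, ...)
        # Syslog omits the year, so the caller supplies it.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and m["ip"] not in flagged:
            flagged[m["ip"]] = when
    return flagged

# Constructed sample log using documentation-range addresses.
SAMPLE_LOG = [
    # Six failures, five seconds apart: a fast guessing run.
    f"Oct 10 10:59:{s:02d} mail postfix/smtpd[4121]: warning: unknown[203.0.113.7]: "
    "SASL LOGIN authentication failed: authentication failure"
    for s in range(0, 30, 5)
] + [
    # Five failures, ten minutes apart: never five inside one 60-second window.
    f"Oct 10 11:{m:02d}:00 mail postfix/smtpd[4188]: warning: unknown[198.51.100.20]: "
    "SASL PLAIN authentication failed: authentication failure"
    for m in range(0, 50, 10)
] + ["Oct 10 11:05:12 mail postfix/smtpd[4190]: connect from unknown[192.0.2.44]"]

if __name__ == "__main__":
    for ip, when in brute_force_sources(SAMPLE_LOG).items():
        print(f"{ip} crossed the failed-AUTH threshold at {when}")
```

The slow client in the sample stays under the per-minute threshold, so a longer window or a daily total per address is needed to catch low-rate guessing.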