From: Faisal Khan (faisal@netxs.com.pk)
Date: Fri Jan 14 2005 - 13:57:58 EST
Turning on Reverse DNS and Tarpitting helps for Dictionary Attacks.
At 09:57 PM 1/14/2005, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>I see spammers hitting my MTA daily with dictionary RCTP TO queries
>and there isn't much you can really do against it; however I have been
>thinking about a solution using real time blockers.
>
>The idea is to monitor the logfile of the MTA, looking for a host
>getting more than "X" failed destination addresses (I think 2 or 3 is
>a nice entry threshold). Then when they reach the threshold their IP
>gets put into a local DNS server that is used by the MTA to as a real
>time blocker.
>
>This wouldn't' require more than another RBL addition to the MTA and
>then an external script tied to either bind or djbdns.
>
>thoughts?
>dmz
>
>Vince Hoang wrote:
>
>|On Thu, Jan 13, 2005 at 02:20:12PM -0500, Chris Buechler wrote:
>|
>|>I'd recommend disabling it unless you get flooded by such spam
>|>attacks. I would probably consider it unnecessary information
>|>disclosure, depending on the environment and reason (if any)
>|>for doing it that way.
>|
>|
>|Some MTAs allow permit you to drop the session after a certain
>|number of failures, but that only slows down the dictionary
>|attacks.
>|
>|You cannot disable RCPT TO because that is how the SMTP protocol
>|designates the recipients.
>|
>|-Vince
>|
>|
>|
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.5 (GNU/Linux)
>Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
>iD8DBQFB5/nolzAVE2tZub0RAm42AJ99EswcipKsDd3mn9fGo6623n9+HwCgv58+
>XznoJeXySxmgJFxFmy9cBgg=
>=/Zsq
>-----END PGP SIGNATURE-----
Faisal Khan, CEO
Net Access Communication
Systems (Private) Limited
________________________________
Network Security - Secure Web Hosting
Managed Internet Services - Secure Email
Dedicated Servers - Reseller Hosting
Visit www.netxs.com.pk for more information.
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:13 EDT