Bugtraq mailing list archives
Re: SMTP server account probing
From: korn () SINARAN CSD CSAM COM MY (Jose C. Oon)
Date: Wed, 10 Mar 1999 09:18:25 +0800
.....snip.....
Unfortunately, the program was designed to defeat the "goaway" option by using RCPT TO: commands instead of VRFY commands. What's needed is the ability to kill the connection after more than two or three recipient names have generated errors.
This is a good idea where a predetermined number of errors in RCPT should warrant the sendmail process to abort and terminate. But on the other side, it'll interrupt normal mail message delivery, hence causing lots of retries. Default of 3-5 days. I'd suggest adding some intended delays, for instance: when there's a RCPT error, the attacked sendmail daemon will delay, say, 30 seconds before it accepts another RCPT TO or other command. Of course, eventually the sendmail will time out and drop the connections when necessary.

--Joseph
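The trade-off discussed in this message, as an added example that is not part of the original post and is not sendmail code: a small Python model with no network I/O that compares dropping the connection after three bad recipients with stalling 30 seconds per bad recipient. The names `Session` and `run`, the mailbox list and both recipient lists are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

VALID = {"alice", "bob", "carol"}            # constructed local mailbox list

@dataclass
class Session:
    """Per-connection state for one SMTP client (hypothetical model)."""
    delay_per_error: int = 30                # seconds, the figure suggested in the post
    abort_after: Optional[int] = None        # None = never drop, only delay
    errors: int = 0
    waited: int = 0                          # total seconds the client was stalled
    replies: list = field(default_factory=list)
    closed: bool = False

    def rcpt(self, localpart: str) -> str:
        if self.closed:
            return "connection closed"       # later recipients are never seen
        if localpart in VALID:
            reply = "250 Recipient ok"
        else:
            self.errors += 1
            if self.abort_after is not None and self.errors >= self.abort_after:
                reply, self.closed = "421 Too many bad recipients, closing", True
            else:
                self.waited += self.delay_per_error   # stall before the next command
                reply = "550 User unknown"
        self.replies.append(reply)
        return reply

def run(names, **policy):
    """Feed a list of RCPT TO local parts through one session and summarise it."""
    s = Session(**policy)
    for n in names:
        s.rcpt(n)
    accepted = sum(r.startswith("250") for r in s.replies)
    return {"accepted": accepted, "errors": s.errors,
            "waited": s.waited, "closed": s.closed}

# Constructed inputs: a real message with three stale addresses, and a guessing run.
LEGIT = ["alice", "dave", "bob", "erin", "frank", "carol"]
PROBE = [f"guess{i}" for i in range(20)]

if __name__ == "__main__":
    print("legit, abort at 3 :", run(LEGIT, abort_after=3))
    print("legit, delay only :", run(LEGIT))
    print("probe, delay only :", run(PROBE))
```

In the abort case the valid recipient listed after the third stale address is never accepted and the sender must retry, while the delay-only policy delivers to every valid recipient at the cost of a slower session.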