Bugtraq mailing list archives
Re: SMTP server account probing
From: bochmann () INFRA DE (Alexander Bochmann)
Date: Wed, 10 Mar 1999 21:42:44 +0100
Hi, ...on Tue, Mar 09, 1999 at 04:16:13PM -0600, Scott Fendley wrote:
Couldn't you just compile sendmail with tcp_wrapper support, and have a script parsing your logs so that if someone manages to get n # of pokes at your system then their Ip address and/or DNS server will be placed in the hosts.deny.
Perhaps Spamshield could be enhanced to solve this problem. http://www.abest.com/~kai/spamshield.html Even if the detection is adapted, it would probably only work after the first attack though, as it seems sendmail doesn't log the attacking hosts name before the connection is closed when no data is sent. Alex.
Current thread:
- SMTP server account probing Brett Glass (Mar 08)
- Re: SMTP server account probing Frank Miller (Mar 09)
- Re: SMTP server account probing John E. Martin (Mar 09)
- Re: SMTP server account probing Brett Glass (Mar 09)
- Re: SMTP server account probing Nick Andrew (Mar 09)
- Re: SMTP server account probing Brian Behlendorf (Mar 09)
- Re: SMTP server account probing Valdis.Kletnieks () VT EDU (Mar 09)
- Re: SMTP server account probing Scott Fendley (Mar 09)
- Re: SMTP server account probing Alexander Bochmann (Mar 10)
- Re: SMTP server account probing Alan Cox (Mar 09)
- Re: SMTP server account probing Brett Glass (Mar 09)
- Re: SMTP server account probing Ryan Permeh (Mar 09)
- Re: SMTP server account probing Keith Woodworth (Mar 09)
- Linux Blind TCP Spoofing Security Research Labs (Mar 09)
- Re: Linux Blind TCP Spoofing John D. Hardin (Mar 09)
- Winfreeze.c for Solaris ... Max Schubert (Mar 09)
- Re: SMTP server account probing GvS (Mar 09)
- Re: SMTP server account probing David Gale (Mar 09)
- Re: SMTP server account probing James Lick (Mar 09)
- Administrivia Aleph One (Mar 10)