nanog mailing list archives

Previous By Date Next
Previous By Thread Next

RE: New mail blocks result of Ralsky's latest attacks?

From: "Bob German" <bobgerman () irides com>
Date: Fri, 10 Oct 2003 11:31:20 -0400


He grabbed a couple of our customers' IMAIL servers, and I'm pretty sure
discovered a few weak passwords by brute force.

Bob
 


-----Original Message-----
From: Suresh Ramasubramanian [mailto:suresh () outblaze com] 
Sent: Friday, October 10, 2003 11:27 AM
To: Brian Bruns
Cc: Bob German; nanog () merit edu
Subject: Re: New mail blocks result of Ralsky's latest attacks?


Brian Bruns writes on 10/10/2003 8:42 PM:


Tis one of the reasons why I've disabled SMTP AUTH on all of my 
servers
for now.  I've known about this for a few weeks now.  Its not 
surprising.  Most of the servers cracked are Exchange servers

(probably 

thanks to weak passwords), but I still don't feel like taking a

chance.

Exchange (and MDaemon) seem to be targeted extensively - they have 
admin:admin and guest:guest type default accounts that, if they aren't 
locked down, can be used to AUTH and send out mail.

-- 
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations
Previous By Date Next
Previous By Thread Next

Current thread: