[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Spam Solution

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] Spam Solution
From: "Larry Seltzer" <larry@xxxxxxxxxxxxxxxx>
Date: Sat, 19 Jun 2004 05:22:29 -0400

>>Well, spammers are trying to crack accounts through SMTP AUTH for quite a 
>>long time -
this was mentioned in news more than once.
>>Check following threads: 

All that appears to be weak username/password attacks. The reports also all say 
it's
against Exchange and they blame Exchange, not knowing that Exchange uses Active
Directory and can therefore will block this sort of thing if your network is 
set up to
block it. 

Anyway, I guess this is a decent way to attack any SMTP server as it is to 
attack any
network at all. Do intrusion scanners test for weak SMTP AUTH credentials these 
days?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer@xxxxxxxxxxxxx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Spam Solution
  - From: Aditya, ALD [ Aditya Lalit Deshmukh ]

References:
- RE: [Full-Disclosure] Spam Solution
  - From: Bojan Zdrnja

Prev by Date: RE: [Full-Disclosure] Spam Solution
Next by Date: Re: [Full-Disclosure] User auto added to Outlook Express contacts
Previous by thread: RE: [Full-Disclosure] Spam Solution
Next by thread: Re: [Full-Disclosure] Spam Solution
Index(es):
- Date
- Thread