[Mimedefang] dictionary attacks looking for a valid user

Ian Mitchell trash at aftermagic.com
Thu Dec 15 17:40:08 EST 2005


> From: Jan Pieter Cornet <johnpc at xs4all.nl>
> Subject: Re: [Mimedefang] dictionary attacks looking for a valid user
>
> An easier solution might be to have a process tail(1) your logfile and
> take action on the information there. I think I've even seen something
> like that: more than x invalid recipients, and you're firewalled away.
>

I have to cringe at the "tail your logfile and take action" part. Sendmail
and Mimedefang place data supplied by the calling server into the syslog
file, and I could just see someone doing something like:

1. Tail maillog
2. grep "user unknown"
3. sed relay server
4. insert into database "relay server" (which just happens to be spoofed
to include a "; drop database mysql" encoded in some obscure form)

Ok, so this isn't a precise hack, but you get my point. I'd be really
careful playing with a technique such as this... Lots of error checking
;)
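
A defensive version of the log-watching pipeline discussed above, as an added example that is not part of the original post: only the bracketed relay address is read, it must parse as an IP literal, and it reaches the database through a bound parameter. The log lines are constructed in sendmail's check_rcpt reject style; SQLite stands in for the database, and the table name, function names and threshold are assumptions.

```python
import ipaddress
import re
import sqlite3

def sample(rcpt, relay):
    # Builds a constructed log line (not taken from a real maillog).
    return ("Dec 15 17:01:01 mx sendmail[101]: jBF1: ruleset=check_rcpt, "
            f"arg1=<{rcpt}>, relay={relay}, "
            f"reject=550 5.1.1 <{rcpt}>... User unknown")

GOOD = "dialup.example.net [192.0.2.10]"
SAMPLE_LOG = [
    sample("a@example.com", GOOD),
    sample("b@example.com", GOOD),
    sample("c@example.com", GOOD),
    # Hostile relay name: ignored, only the bracketed address is read.
    sample("d@example.com", "x'; DROP DATABASE mysql; -- [192.0.2.66]"),
    # Hostile bracket content: fails IP parsing, line is dropped.
    sample("e@example.com", "host [192.0.2.77'; DROP DATABASE mysql; --]"),
    "Dec 15 17:01:09 mx sendmail[102]: jBF2: to=<f@example.com>, stat=Sent",
]

RELAY_RE = re.compile(r"relay=[^\[\]]*\[([^\]]*)\]")

def relay_ip(log_line):
    match = RELAY_RE.search(log_line)
    if "User unknown" not in log_line or match is None:
        return None
    try:
        return str(ipaddress.ip_address(match.group(1)))
    except ValueError:
        return None  # not an IP literal: never passed on

def record(db, lines, threshold=3):
    db.execute("CREATE TABLE IF NOT EXISTS bad_rcpt "
               "(ip TEXT PRIMARY KEY, hits INTEGER NOT NULL)")
    for log_line in lines:
        ip = relay_ip(log_line)
        if ip is None:
            continue
        # Bound parameters: the value is data, never SQL text.
        cur = db.execute("UPDATE bad_rcpt SET hits = hits + 1 WHERE ip = ?", (ip,))
        if cur.rowcount == 0:
            db.execute("INSERT INTO bad_rcpt (ip, hits) VALUES (?, 1)", (ip,))
    rows = db.execute("SELECT ip FROM bad_rcpt WHERE hits >= ? ORDER BY ip", (threshold,))
    return [row[0] for row in rows]

if __name__ == "__main__":
    print(record(sqlite3.connect(":memory:"), SAMPLE_LOG))
```

The returned list is what a firewall step would consume; because every entry has already been through `ipaddress.ip_address`, nothing from the free-text parts of the log line can reach a shell or SQL statement.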
