At 09:07 AM 10/10/2003, Steven M. Bellovin wrote:
Out of curiousity, has anyone tried turning this over to law
enforcement? It's another form of hacking, but the money trail back
through the spammers might provide enough evidence for prosecution.
From my read, it sounds sufficient in its own right
Steven M. Bellovin writes on 10/10/2003 9:37 PM:
Out of curiousity, has anyone tried turning this over to law
enforcement? It's another form of hacking, but the money trail back
through the spammers might provide enough evidence for prosecution.
--Steve Bellovin, http://www.research.att.com/
Out of curiousity, has anyone tried turning this over to law
enforcement? It's another form of hacking, but the money trail back
through the spammers might provide enough evidence for prosecution.
--Steve Bellovin, http://www.research.att.com/~smb
Brian Bruns
To: X
Cc: [EMAIL PROTECTED]
Sent: Friday, October 10, 2003 11:35 AM
Subject: Re: New mail blocks result of Ralsky's latest attacks?
Hey XXX,
There are a few ways to lock down an Exchange server. Luckily, I used to be
an Exchange admin two years ago, so let me quickly dig up m
on Fri, Oct 10, 2003 at 08:47:51PM +0530, Suresh Ramasubramanian wrote:
> Set up header checks in sendmail / postfix to block all mail with
> Received: headers showing Ralsky IPs. PCRE header checks in postfix
> would be like -
Sendmail rulesets to block Ralsky:
KRalsky1 regex [EMAIL PROTEC
-Spam
Resourceshttp://www.2mbit.comICQ:
8077511
- Original Message -
From:
Brian Bruns
To: Bob German ; [EMAIL PROTECTED]
Sent: Friday, October 10, 2003 11:12
AM
Subject: Re: New mail blocks result of
Ralsky's latest attacks?
Tis one of the reasons why I've disabl
an; [EMAIL PROTECTED]
Subject: Re: New mail blocks result of Ralsky's latest attacks?
Brian Bruns writes on 10/10/2003 8:42 PM:
> Tis one of the reasons why I've disabled SMTP AUTH on all of my
> servers
> for now. I've known about this for a few weeks now. Its not
> sur
Brian Bruns writes on 10/10/2003 8:42 PM:
Tis one of the reasons why I've disabled SMTP AUTH on all of my servers
for now. I've known about this for a few weeks now. Its not
surprising. Most of the servers cracked are Exchange servers (probably
thanks to weak passwords), but I still don't fe
Bob German writes on 10/10/2003 8:29 PM:
A colleague informed me this morning that Alan Ralsky is doing
widespread bruteforce attacks on SMTP AUTH, and they are succeeding,
mainly because it's quick, painless (for him), and servers and IDS
signatures don't generally offer protection against the
Cant speak for others, but the server that was blocked for us by Yahoo! is
ACL'd by IP address. It would be very helpful if the Yahoo! folk could
post an official explanation as to what happened so we can pass it on to
our customers. e.g. a URL somewhere on Yahoo! ?
---Mike
At 10:59
On Fri, 10 Oct 2003 10:59:46 -0400
"Bob German" <[EMAIL PROTECTED]> wrote:
> A colleague informed me this morning that Alan Ralsky is doing
> widespread bruteforce attacks on SMTP AUTH, and they are succeeding,
> mainly because it's quick, painless (for him), and servers and IDS
> signatures don'
pment GroupOpen Solutions For A Closed World / Anti-Spam
Resourceshttp://www.2mbit.comICQ:
8077511
- Original Message -
From:
Bob
German
To: [EMAIL PROTECTED]
Sent: Friday, October 10, 2003 10:59
AM
Subject: New mail blocks result of
Ralsky's latest attac
Title: Message
A colleague informed
me this morning that Alan Ralsky is doing widespread bruteforce attacks on SMTP
AUTH, and they are succeeding, mainly because it's quick, painless (for him),
and servers and IDS signatures don't generally offer protection against
them.
Could this be why
13 matches
Mail list logo