I would agree that the dictionary method may be a good idea; however, I am the type of person that will commonly guess at addresses such as sales, support, webmaster, etc., so you may want to exclude those types of addresses as Pete suggested. Addresses such as csmith, rjones, etc. are commonly used in brute-force methods, though, and would be useful.
----- Original Message -----
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: "William Van Hefner" <sniffer@SortMonster.com>
Sent: Tuesday, December 06, 2005 3:25 PM
Subject: Re[6]: [sniffer] POP3 Account Question

> On Tuesday, December 6, 2005, 2:13:43 PM, William wrote:
>
> WVH> Pete,
>
> WVH> How about just creating some accounts that are commonly targeted by
> WVH> dictionary attacks, but that were never actually valid accounts on our
> WVH> server? I could redirect all of them to a common mailbox. There are also a
> WVH> few other "common" (non-role) addresses that we do not use, which always get
> WVH> targeted by spammers. I am thinking of sales@, info@, etc. I have
> WVH> accumulated quite a list of common dictionary attack names from my logs. I
> WVH> wouldn't have to seed the addresses anywhere. They get hit just by virtue of
> WVH> how common they are.
>
> That is definitely another good strategy -- more limited and better
> structured than using a "nobody" account.
>
> The only caveat is making sure that nobody on the outside would ever
> have reason to expect an info@ or sales@ address existed... sometimes
> folks will guess. If this happens, it's usually not a fatal problem,
> but it's worth thinking about on a case-by-case basis.
>
> Do you have a histogram for your list? That would be interesting to
> see.
>
> Thanks,
>
> _M

This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
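The histogram and the exclusion of guessable role addresses discussed in this thread, as an added example that is not code from either poster or from Message Sniffer. The log line format, the `example.com` addresses, the `alice` account and the `min_hits` threshold are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample log; this line format is an assumption, not a real MTA's.
SAMPLE_LOG = """\
2005-12-06 14:01:02 REJECT rcpt=<sales@example.com> reason="550 user unknown" ip=192.0.2.10
2005-12-06 14:01:03 REJECT rcpt=<csmith@example.com> reason="550 user unknown" ip=192.0.2.10
2005-12-06 14:01:04 REJECT rcpt=<rjones@example.com> reason="550 user unknown" ip=192.0.2.10
2005-12-06 14:02:10 ACCEPT rcpt=<alice@example.com> ip=198.51.100.7
2005-12-06 14:05:44 REJECT rcpt=<CSmith@example.com> reason="550 user unknown" ip=203.0.113.5
2005-12-06 14:05:45 REJECT rcpt=<info@example.com> reason="550 user unknown" ip=203.0.113.5
2005-12-06 14:05:46 REJECT rcpt=<sales@example.com> reason="550 user unknown" ip=203.0.113.5
2005-12-06 14:09:12 REJECT rcpt=<rjones@example.com> reason="550 user unknown" ip=198.51.100.23
2005-12-06 14:09:13 REJECT rcpt=<csmith@example.com> reason="550 user unknown" ip=198.51.100.23
2005-12-06 14:09:14 REJECT rcpt=<mlee@example.com> reason="550 user unknown" ip=198.51.100.23
"""

# Role-style names an outside person might guess (from the thread); tune per site.
GUESSABLE_ROLES = {"sales", "support", "webmaster", "info"}

REJECT_RE = re.compile(r'REJECT rcpt=<([^@<>\s]+)@[^<>\s]+> reason="550 user unknown"')

def rejected_local_parts(log_text):
    """Count rejected recipients by lower-cased local part."""
    return Counter(m.group(1).lower() for m in REJECT_RE.finditer(log_text))

def trap_candidates(counts, valid_accounts, excluded=GUESSABLE_ROLES, min_hits=2):
    """Names hit repeatedly that are neither real accounts nor guessable roles."""
    skip = {n.lower() for n in valid_accounts} | set(excluded)
    rows = [(n, c) for n, c in counts.items() if c >= min_hits and n not in skip]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

def histogram(counts, width=30):
    """Text histogram of all rejected names, most frequent first."""
    top = max(counts.values(), default=1)
    lines = []
    for name, c in sorted(counts.items(), key=lambda r: (-r[1], r[0])):
        lines.append(f"{name:<12}{c:>4} {'#' * max(1, c * width // top)}")
    return "\n".join(lines)

if __name__ == "__main__":
    counts = rejected_local_parts(SAMPLE_LOG)
    print(histogram(counts))
    print("trap candidates:", trap_candidates(counts, valid_accounts={"alice"}))
```

The histogram still lists sales and info so their volume is visible; only the candidate list drops them.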