
Dictionary Attacks??

Status
Not open for further replies.
Jan 7, 2005
124
US
You guys are going to get sick of me and my questions but I'm trying to learn so thanks ahead of time... I was looking through my SMTP queue and noticed a lot of weird outgoing domains (such as sender-25-30100926-55@mx6.directsouthpro.com, 1.33745.36333439343133.1.b@ientrynetwork.net, 1.33763.36333439343133.1.b@ientrynetwork.net)... I looked at the contents of the messages and the outgoing e-mail address is postmaster@xxx.com... I plugged the symptoms into Google and came up with Dictionary Attacks... The explanation was for both username/password guessing and also e-mail address guessing... Can someone explain to me why there would be outgoing messages from postmaster@xxx.com to these domains, whether or not I'm being paranoid, and what you can do to eliminate the possibility of it happening?? Thanks.
 
It could look like your SMTP is an open relay..?
Make sure it doesn't accept connections from everywhere, or your server can forward mail (spam, viruses, illegal content) for anyone.
 
Ok, on my Relay Restrictions I have Only the list below selected and have two IP addresses there; 192.168.1.0 and 192.168.1.12 and I have the Allow all computers which successfully authenticate to relay, regardless of the list above checked...am I ok??
 
Could also be bouncebacks to senders because of non-existent users on your domain.
 
Is it possible that one of the domain computers could be hosting some spam software? Would it be considered an authenticated machine allowed to relay?
 
If xxx.com is your domain, then it looks like NDRs going out to the Internet. You can disable them in SM if you want (not a bad idea), but in the business world that's not always the best thing to do.

Looks to me like spam and not some sort of attack.

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.
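
One way to test the NDR explanation against the queue itself, as an added example that is not part of the thread: the Python below separates RFC 3464 delivery reports for unknown local users from other queued mail. It assumes the server's NDRs use the standard `multipart/report` format; `example.com` stands in for xxx.com, and both sample messages are constructed.

```python
from collections import Counter
from email import message_from_string

LOCAL_DOMAIN = "example.com"  # assumption: placeholder for the thread's xxx.com

# Constructed sample queue items (not taken from the thread).
NDR = """\
From: postmaster@example.com
To: sender-1@bulk.example.net
Subject: Delivery Status Notification (Failure)
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.example.com

Final-Recipient: rfc822; nosuchuser@example.com
Action: failed
Status: 5.1.1

--b1--
"""
RELAYED = "From: a@elsewhere.example\nTo: b@third-party.example\nSubject: hi\n\nbody\n"

def classify(raw):
    """Return ('ndr', failed_recipients) for an RFC 3464 report, else ('other', [])."""
    msg = message_from_string(raw)
    is_dsn = (msg.get_content_type() == "multipart/report"
              and str(msg.get_param("report-type", "")).lower() == "delivery-status")
    if not is_dsn:
        return "other", []
    failed = []
    for part in msg.walk():
        if part.get_content_type() == "message/delivery-status":
            for block in part.get_payload():  # one parsed header block per section
                if block.get("Action", "").strip().lower() == "failed":
                    failed.append(block.get("Final-Recipient", "").split(";")[-1].strip().lower())
    return "ndr", failed

def summarize(queue):
    """Count NDRs for unknown local users versus everything else in the queue."""
    counts = Counter()
    for raw in queue:
        kind, failed = classify(raw)
        local = [r for r in failed if r.endswith("@" + LOCAL_DOMAIN)]
        counts["ndr_unknown_local_user" if kind == "ndr" and local else kind] += 1
    return counts
```

A queue dominated by `ndr_unknown_local_user`, spread over many different failed recipients, is consistent with bounces from address guessing against the domain; anything counted as `other` and addressed to outside domains is what to check against the relay restrictions.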
 
Better paranoid than sticking your head in the sand and then getting hauled up in front of your Manager...
 
Just because you are paranoid it doesn't mean that they are not out to get you!

Sandy
 