North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
RE: New mail blocks result of Ralsky's latest attacks?
- From: Bob German
- Date: Fri Oct 10 11:45:17 2003
He grabbed a couple of our customers' IMAIL servers, and I'm pretty sure
discovered a few weak passwords by brute force.
Bob
-----Original Message-----
From: Suresh Ramasubramanian [mailto:suresh@outblaze.com]
Sent: Friday, October 10, 2003 11:27 AM
To: Brian Bruns
Cc: Bob German; nanog@merit.edu
Subject: Re: New mail blocks result of Ralsky's latest attacks?
Brian Bruns writes on 10/10/2003 8:42 PM:
> Tis one of the reasons why I've disabled SMTP AUTH on all of my
> servers
> for now. I've known about this for a few weeks now. Its not
> surprising. Most of the servers cracked are Exchange servers
(probably
> thanks to weak passwords), but I still don't feel like taking a
chance.
Exchange (and MDaemon) seem to be targeted extensively - they have
admin:admin and guest:guest type default accounts that, if they aren't
locked down, can be used to AUTH and send out mail.
--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations
|
