Re: SMTP vulnerabilities
From: Dave Wreski (dave@guardiandigital.com)Date: 12/01/01
- Previous message: Dennis Stout: "Re: SMTP vulnerabilities"
- In reply to: Jihène Krichène: "SMTP vulnerabilities"
- Next in thread: lists@notatla.demon.co.uk: "Re: SMTP vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <3C095606.C8E2EFC@guardiandigital.com> Date: Sat, 01 Dec 2001 17:13:26 -0500 From: Dave Wreski <dave@guardiandigital.com> To: security-discuss@linuxsecurity.com Subject: Re: SMTP vulnerabilities
> As you know, SMTP is vulnerable to DoS attacks (mail bombing and spamming).
Yes.
> You agree also that the solution is PGP or S/MIME.
No. PGP won't help you with SMTP. Perhaps you're thinking of something
like TLS or SMTP-AUTH which can be used to determine if a user is
authorized to send mail through the mail server. PGP only provides
encryption.
> Suppose that you are asked to detect the vulnerabilities of a LAN, how do
> you proceed to know if the server SMTP is vulnerable to DoS attacks ? In
> other words, how can you check if this server uses PGP or S/MIME or at least
> IPsec?
The SMTP protocol is inherently susceptible to DoS attacks. There's no
access control to prevent someone from flooding your server with more
requests than it can handle. Also, just because it may use something
like IPSec doesn't mean it can't be DoS'd.
dave
-- Dave Wreski Corporate Manager Guardian Digital, Inc. (201) 934-9230 Pioneering. Open Source. Security. dave@guardiandigital.com http://www.guardiandigital.com ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
- Previous message: Dennis Stout: "Re: SMTP vulnerabilities"
- In reply to: Jihène Krichène: "SMTP vulnerabilities"
- Next in thread: lists@notatla.demon.co.uk: "Re: SMTP vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
