Re: Discovering users by RCPT TO

From: Matan Peled (chaosite_at_gmail.com)
Date: 01/15/05

  • Next message: Faisal Khan: "Re: Discovering users by RCPT TO"
    Date: Sat, 15 Jan 2005 10:35:19 +0200
    To: dmz <dmz@dmzs.com>
    
    
    

    dmz wrote:
    > I see spammers hitting my MTA daily with dictionary RCPT TO queries
    > and there isn't much you can really do against it; however I have been
    > thinking about a solution using real time blockers.
    >
    > The idea is to monitor the logfile of the MTA, looking for a host
    > getting more than "X" failed destination addresses (I think 2 or 3 is
    > a nice entry threshold). Then when they reach the threshold their IP
    > gets put into a local DNS server that is used by the MTA as a real
    > time blocker.
    >
    > This wouldn't require more than another RBL addition to the MTA and
    > then an external script tied to either bind or djbdns.
    >
    > thoughts?
    > dmz

    But wouldn't that be vulnerable to a DoS attack, i.e. spoofing the IP and denying
    service to legitimate clients?

    -- 
    [Name      ]   ::  [Matan I. Peled    ]
    [Location  ]   ::  [Israel            ]
    [Public Key]   ::  [0xD6F42CA5        ]
    [Keyserver ]   ::  [keyserver.kjsl.com]
    encrypted/signed  plain text  preferred
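
Added example, not part of the original message and not dmz's script: the log-threshold idea quoted above, emitting records in the usual DNSBL form (reversed octets under a zone, answering 127.0.0.2). The log line format, the zone name `rbl.local.invalid`, the allowlist parameter and the choice to count distinct recipients per IPv4 client are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log lines in a made-up format (not any real MTA's output).
SAMPLE_LOG = """\
Jan 15 10:01:02 mx smtpd[101]: reject client=192.0.2.10 rcpt=<aaron@example.org> reason=unknown-user
Jan 15 10:01:03 mx smtpd[101]: reject client=192.0.2.10 rcpt=<abby@example.org> reason=unknown-user
Jan 15 10:01:04 mx smtpd[101]: reject client=192.0.2.10 rcpt=<adam@example.org> reason=unknown-user
Jan 15 10:02:10 mx smtpd[102]: reject client=198.51.100.7 rcpt=<bobb@example.org> reason=unknown-user
Jan 15 10:07:10 mx smtpd[103]: reject client=198.51.100.7 rcpt=<bobb@example.org> reason=unknown-user
Jan 15 10:03:00 mx smtpd[104]: reject client=203.0.113.5 rcpt=<old1@example.org> reason=unknown-user
Jan 15 10:03:01 mx smtpd[104]: reject client=203.0.113.5 rcpt=<old2@example.org> reason=unknown-user
Jan 15 10:03:02 mx smtpd[104]: reject client=203.0.113.5 rcpt=<old3@example.org> reason=unknown-user
Jan 15 10:04:00 mx smtpd[105]: accept client=198.51.100.7 rcpt=<bob@example.org>
"""

REJECT_RE = re.compile(r"reject client=(\S+) rcpt=<([^>]*)> reason=unknown-user")


def failed_rcpts(log_text):
    """Map client IP -> set of distinct unknown recipients it tried.

    Counting distinct addresses means a host retrying one mistyped
    recipient does not climb toward the threshold.
    """
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            seen[m.group(1)].add(m.group(2).lower())
    return seen


def over_threshold(seen, threshold=3, allow=()):
    """Return IPs at or over the threshold, skipping allowlisted networks."""
    allow_nets = [ipaddress.ip_network(n) for n in allow]
    hits = []
    for ip, rcpts in seen.items():
        addr = ipaddress.ip_address(ip)
        if len(rcpts) >= threshold and not any(addr in n for n in allow_nets):
            hits.append(ip)
    return sorted(hits, key=ipaddress.ip_address)


def dnsbl_records(ips, zone="rbl.local.invalid"):
    """Format IPv4 addresses as DNSBL A records (reversed octets + zone)."""
    return ["{}.{} IN A 127.0.0.2".format(".".join(reversed(ip.split("."))), zone)
            for ip in ips]
```

The allowlist is where known relays and partner networks would go so that they are never listed, whatever the log shows.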
    
    


