subject: exchange

Rui Silva - Exchanging Knowledge About Exchange


Microsoft Security Advisory (842851)

Springfield tar pit

Microsoft released a security advisory that focuses on the SMTP tar pit feature included with Windows Server 2003 Service Pack 1. This feature was previously available as a PSS update.

SMTP tar pitting is the practice of artificially delaying server responses for certain SMTP communication patterns, and it is used to help fight spam attacks such as the Directory Harvest Attack (DHA). In a DHA, an attacker unleashes a program that guesses all the possible e-mail addresses within a domain and attempts to send messages to those addresses. Normally the SMTP server responds with a "550 User unknown" message for non-existent addresses, so after a successful DHA the spammer will know the valid addresses.


MAIL FROM:<>
250 2.1.0 <>....Sender OK
RCPT TO:
550 5.1.1 User unknown
QUIT

A brute-force attack such as a DHA with 4 characters can be completed in about 20 minutes. By introducing a 5-second delay, it will now take months.
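To see the pattern from the server side, the following added example (not part of the original post or of any Microsoft tooling) counts "550" replies to RCPT TO per client in a small constructed log and totals the delay a tar pit would add to each client's session. The log format, the IP addresses, the threshold of 3 and the rule that only 5xx replies are delayed are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample log; the "<client ip> <command> -> <reply>" layout is an assumption.
SAMPLE_LOG = """\
203.0.113.7 RCPT TO:<aaaa@example.com> -> 550 5.1.1 User unknown
203.0.113.7 RCPT TO:<aaab@example.com> -> 550 5.1.1 User unknown
203.0.113.7 RCPT TO:<aaac@example.com> -> 250 2.1.5 Recipient OK
203.0.113.7 RCPT TO:<aaad@example.com> -> 550 5.1.1 User unknown
198.51.100.4 RCPT TO:<alice@example.com> -> 250 2.1.5 Recipient OK
198.51.100.4 RCPT TO:<alcie@example.com> -> 550 5.1.1 User unknown
""".splitlines()

# Captures the client address and the three-digit reply code of a RCPT TO exchange.
LINE_RE = re.compile(r"^(\S+) RCPT TO:<[^>]*> -> (\d{3}) ")


def unknown_user_counts(lines):
    """Count 550 replies to RCPT TO per client IP."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group(2) == "550":
            counts[m.group(1)] += 1
    return counts


def suspected_harvesters(lines, threshold=3):
    """Clients whose rejected-recipient count reaches the (assumed) threshold."""
    counts = unknown_user_counts(lines)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def reply_delay(reply_code, tarpit_seconds=5):
    """Assumed tar pit policy: delay 5xx replies only; other replies go out at once."""
    return tarpit_seconds if reply_code.startswith("5") else 0


def session_delay(lines, client, tarpit_seconds=5):
    """Total delay in seconds the tar pit adds to one client's logged replies."""
    total = 0
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group(1) == client:
            total += reply_delay(m.group(2), tarpit_seconds)
    return total
```

A client that mistypes one address pays a single 5-second penalty, while a client generating a stream of rejections accumulates the delay on every failed guess.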
