Yes, your argument makes sense to me, so that would make it more likely some sort of dictionary attack on email addresses in a server. I'm suspecting that the number of attempts per day stays somewhat small to avoid easy detection by at least larger mail server administrators. It is just the small server installations where such things are easily noticed in the logs.

If you google on "dictionary attack smtp [insert name of your smtp server here] spam" and similar words, you'll find all kinds of similar experiences, resource pages and such. I've just found one that I will have a closer look at:

http://www.geocities.com/spamresources/filter-server-addon.htm

cheers, ...Niels



bogi wrote:

Well,
There are many 29-email attempts from different sources. Each one of them
attempts 29 emails and then disconnects. What is strange, as opposed to your theory, is the simple fact that none of these 29-email groups, from very different mailers, contain similar/repeated names. They are all different.
If many spammers were working off the same list, I would get the same names attempted over and over again, right? Well, I am not.
Cheers
Szemir


On January 4, 2004 15:52, Niels Voll wrote:


I see this on my server, too, although the numbers are slightly higher
for me. And yes, I have read somewhere that e-mail guessing robots are
all the rage these days. However, another explanation could be that
people are buying spamming e-mail address lists with bogus (generated)
emails. So they might be attempted spams with these bogus mailing lists
as their source. There was a thing on Slashdot on that just the other day.

I'm very interested in other people's experiences, too.

...Niels

bogi wrote:


Hi

I have noticed a strange trend in some of my servers' mail logfiles.

The phenomenon consists of 29 (exactly and every time) emails
addressed to 29 different (nonexistent) usernames. Since I hardly
have users on my system, these emails get bounced.
The sender is always different, but the 29 email names never repeat,
suggesting to me a distributed email-guessing attempt directed from a
central name-list and performed by different end-users 29 names at a
time.

So my question is: Is this something new? Do any other sysadmins see this?
And if it is not new, then what is it, and how to guard against it?

Cheers
Szemir


_______________________________________________
clug-talk mailing list
[EMAIL PROTECTED]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
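
As an added example (not from any poster in this thread), one way to check a mail log for the pattern discussed above: count distinct nonexistent recipients per connecting source, then see whether any name recurs across sources. The Postfix "User unknown" log format, the threshold of 20, the function names, and the sample log lines are all assumptions constructed for illustration; the thread does not name the mail server.

```python
import re
from collections import Counter, defaultdict

# Postfix "User unknown" reject line; the log format is an assumption.
REJECT = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: 55\d .*?"
    r"<(?P<rcpt>[^>]+)>: Recipient address rejected: User unknown")

def unknown_rcpts_by_source(lines):
    """Map client IP -> set of distinct nonexistent recipients it tried."""
    seen = defaultdict(set)
    for line in lines:
        m = REJECT.search(line)
        if m:
            seen[m["ip"]].add(m["rcpt"].lower())
    return dict(seen)

def harvest_suspects(lines, threshold=20):
    """Sources that probed at least `threshold` distinct unknown users."""
    return {ip: r for ip, r in unknown_rcpts_by_source(lines).items()
            if len(r) >= threshold}

def shared_names(suspects):
    """Recipients probed by more than one suspect source."""
    counts = Counter(r for rcpts in suspects.values() for r in rcpts)
    return {r for r, n in counts.items() if n > 1}

def sample_log():
    """Constructed log: two 29-name bursts with disjoint names, one stray typo."""
    bursts = {"192.0.2.10": [f"a{i:02d}" for i in range(29)],
              "198.51.100.7": [f"b{i:02d}" for i in range(29)],
              "203.0.113.5": ["jsmtih"]}
    return [f"Jan  4 15:02:11 mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{n}@example.org>: Recipient address "
            f"rejected: User unknown in local recipient table; "
            f"from=<x@example.net> to=<{n}@example.org> proto=SMTP helo=<h>"
            for ip, names in bursts.items() for n in names]

if __name__ == "__main__":
    suspects = harvest_suspects(sample_log())
    for ip, rcpts in sorted(suspects.items()):
        print(f"{ip}: {len(rcpts)} distinct unknown recipients")
    print("names seen from more than one source:", sorted(shared_names(suspects)))
```

An empty result from `shared_names` across several flagged sources corresponds to the non-repeating name groups described in the thread; a single mistyped address stays below the threshold and is not flagged.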

