In the last 3 day's I've noticed o lot of Address-scans, nearly in alphabetical order of all the domains hosted on our mailserver.
Those are called a "dictionary attack".
Have you contacted [EMAIL PROTECTED]? That's the first step, if you haven't done so yet.IP's from (examples): 207.44.134.48 207.44.142.84 ... IPWhois Lookup: OrgName: Everyones Internet, Inc. OrgID: EVRY NetRange: 207.44.128.0 - 207.44.255.255 CIDR: 207.44.128.0/17 NetName: EVRY-BLK-11 NetHandle: NET-207-44-128-0-1 Parent: NET-207-0-0-0-0 NetType: Direct Allocation NameServer: NS1.EV1.NET NameServer: NS2.EV1.NET
I've noticed, that the scan is made by one or two mails from <mailto:root@;microsoft.com>[EMAIL PROTECTED] to a lot of recipients of the regarding domain.Dictionary attacks are quite common these days. Unfortunately, there isn't much you can do to stop them -- although in this case, you're lucky that they are using the same return address, so you can block them with IMail's Kill List.
Question: Everyone else has seen this scans on his system?
I've added the indicated senders email-Adress to the Imail Kill-file.
Declude doesn't have a good way to detect/block these, as it doesn't see anything until an E-mail is received, which won't happen during a properly constructed dictionary attack.
-Scott
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
