RE: OWA Enumeration Question

2002-01-08 Thread Blunt, James H (Jim)
, 2002 5:28 PM To: Exchange Discussions Subject: RE: OWA Enumeration Question Do not underestimate the power of a dictionary attack. Especially if the alias of the DL is less than 8 characters long, it is not hard to manage a brute-force attack. -Original Message- From: Blunt, James H (Jim

RE: OWA Enumeration Question

2002-01-07 Thread Chris Scharff
Other possibilities. The DL name is an obvious one that someone would guess (e.g. all@ sales@ hr@). The DL includes an external recipient and someone sent to the DL with it in the to or from field of a message. The address was created through a dictionary generated spam mailing. Someone in your

RE: OWA Enumeration Question

2002-01-07 Thread Blunt, James H (Jim)
Exchang Yoda ;o) -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, January 07, 2002 2:24 PM To: Exchange Discussions Subject: RE: OWA Enumeration Question Other possibilities. The DL name is an obvious one that someone would guess (e.g. all@ sales@ hr

RE: OWA Enumeration Question

2002-01-07 Thread Chris Scharff
- From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]] Sent: Monday, January 07, 2002 5:12 PM To: Exchange Discussions Subject: RE: OWA Enumeration Question Chris, 1. Not an obvious name. 2. duh It did include an external SMTP addr \duh However, the DL was hidden from the GAL

RE: OWA Enumeration Question

2002-01-07 Thread Blunt, James H (Jim)
That's exactly the situation...it's never been used to send ANY mail. Any ideas on what I should do at this point? -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, January 07, 2002 3:16 PM To: Exchange Discussions Subject: RE: OWA Enumeration Question

RE: OWA Enumeration Question

2002-01-07 Thread Chris Scharff
/exchange.htm hat's exactly the situation...it's never been used to send ANY mail. Any ideas on what I should do at this point? -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, January 07, 2002 3:16 PM To: Exchange Discussions Subject: RE: OWA Enumeration Question

RE: OWA Enumeration Question

2002-01-07 Thread Blunt, James H (Jim)
I removed it about 1/2 an hour ago. What every other addy in the org? :o( -Original Message- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Monday, January 07, 2002 3:39 PM To: Exchange Discussions Subject: RE: OWA Enumeration Question Change the SMTP address of the DL

RE: OWA Enumeration Question

2002-01-07 Thread David Lemson
To: Exchange Discussions Subject: RE: OWA Enumeration Question Chris, 1. Not an obvious name. 2. duh It did include an external SMTP addr \duh However, the DL was hidden from the GAL, as was the membership of the DL. 3. Dictionary generated listing wouldn't have worked for reason #1. 4. I COULD