|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Discovering users by RCPT TO
From: Vince Hoang (vince
litrium.com)
Date: Thu Jan 13 2005 - 17:20:15 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, Jan 13, 2005 at 02:20:12PM -0500, Chris Buechler wrote:
> I'd recommend disabling it unless you get flooded by such spam
> attacks. I would probably consider it unnecessary information
> disclosure, depending on the environment and reason (if any)
> for doing it that way.
Some MTAs allow permit you to drop the session after a certain
number of failures, but that only slows down the dictionary
attacks.
You cannot disable RCPT TO because that is how the SMTP protocol
designates the recipients.
-Vince
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]