[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
> On 19 Dec 2013, at 19:06, Martijn Grooten <dcglug@xxxxxxxxxxxxxxxxxx> wrote: > > But I don't remember ever seeing (or hearing about) a botnet performing an actual > dictionary attack on a domain. It's just not worth it. Think we must be misunderstanding each other. Dictionary harvesting attacks are usually done using long lists of names, it is a well established technique, even has its own Wikipedia article. Apparently I switched ZyNet from sendmail to postfix in the middle of one. Sounds likely, I recall the sendmail config I inherited was pretty lame so any abuse was likely to run it into the ground. At ZyNet we'd see one or two such attacks a week per mail server at their peak. Once three different domains were being attacked simultaneously on the same mail server in the same way. Postfix is your friend in such circumstance, it just brushed it off, but it had been tuned over prior experience. We'd have 100's of domains per mail server, although the attacks were mostly against domains with lots of addresses, whether they just gave up early if the domain didn't yield an address early or selected them some other way I don't know. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq