[Intrusions] Increased mail address harvesting

Maxime Ducharme mducharme at cybergeneration.com
Fri Jul 2 13:58:44 GMT 2004


Hi Michael,
    we are experiencing the same issue here; about 4-5 domains
a day get harvested, and our retry queue is always filling
up with bogus User unknown bounces.

I'd be interested if you know of any good scripts.

Thanks in advance

Maxime Ducharme
Programmer / Network security specialist

----- Original Message ----- 
From: "Michael Schwartzkopff" <misch at multinet.de>
To: <intrusions at incidents.org>
Sent: Tuesday, June 29, 2004 5:40 AM
Subject: [Intrusions] Increased mail address harvesting


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> On my mail server I see an increased harvesting traffic for mail addresses. It
> seems that compromised dial-up clients scan for semi-random generated mail
> addresses.
>
> Is there any good script which reads postfix output ("User unknown") and feeds
> the firewall accordingly? Thanks.
>
> - -- 
> Dr. Michael Schwartzkopff
> MultiNET Services GmbH
> Bretonischer Ring 7
> 85630 Grasbrunn
>
> Tel: (+49 89) 456 911 - 0
> Fax: (+49 89) 456 911 - 21
> mob: (+49 174) 343 28 75
>
> PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFA4TkjqndXpO3Yl5sRAnPWAJ9WQPrP8M/mtpsAZ7/R4zOtnqnuYgCfVWet
> oqOkexoG4YsXPMRq8X+r9JE=
> =E7Sc
> -----END PGP SIGNATURE-----
>
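
A sketch of the kind of script asked about in this thread, added here as an example and not taken from either message: it reads Postfix smtpd log lines, counts distinct "User unknown" recipients per client IP, and renders (without executing) iptables rules for clients at or above a threshold. The function names, the threshold of 3 and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Postfix smtpd rejection for a nonexistent recipient, old and new wording, e.g.
#   ... reject: RCPT from host[192.0.2.10]: 550 <u@example.com>: User unknown ...
# The IP group admits only digits and dots, so it is safe to place in a rule string.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: .*?reject: RCPT from \S*?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]: "
    r"5\d\d .*?<(?P<rcpt>[^>]*)>: .*?User unknown"
)

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Jul  2 13:41:07 mx1 postfix/smtpd[2301]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 <aaron@example.com>: User unknown; from=<a@example.net> to=<aaron@example.com>
Jul  2 13:41:08 mx1 postfix/smtpd[2301]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <abby@example.com>: Recipient address rejected: User unknown in local recipient table; from=<a@example.net> to=<abby@example.com>
Jul  2 13:41:09 mx1 postfix/smtpd[2301]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 <adam@example.com>: User unknown; from=<a@example.net> to=<adam@example.com>
Jul  2 13:42:00 mx1 postfix/smtpd[2305]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: 550 <jhon@example.com>: User unknown; from=<bob@example.org> to=<jhon@example.com>
Jul  2 13:47:00 mx1 postfix/smtpd[2309]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: 550 <Jhon@example.com>: User unknown; from=<bob@example.org> to=<Jhon@example.com>
Jul  2 13:48:00 mx1 postfix/smtpd[2311]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <x@other.test>: Relay access denied; from=<y@other.test> to=<x@other.test>
Jul  2 13:49:00 mx1 postfix/smtpd[2312]: connect from mail.example.org[198.51.100.7]
""".splitlines()


def harvesters(lines, threshold=3, allowlist=()):
    """Return {ip: number of distinct unknown recipients} for clients >= threshold.

    Counting distinct addresses (case-insensitively) keeps a legitimate server
    that retries one mistyped recipient from being treated as a harvester.
    """
    seen = defaultdict(set)
    for line in lines:
        m = REJECT_RE.search(line)
        if m and m.group("ip") not in allowlist:
            seen[m.group("ip")].add(m.group("rcpt").lower())
    return {ip: len(rcpts) for ip, rcpts in seen.items() if len(rcpts) >= threshold}


def firewall_rules(ips):
    """Render iptables commands dropping SMTP from each IPv4 address (not executed)."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 25 -j DROP" for ip in sorted(ips)]


if __name__ == "__main__":
    for rule in firewall_rules(harvesters(SAMPLE_LOG)):
        print(rule)
```

Review the rendered rules before applying them, and put your own relays and known partner servers in `allowlist`.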