Solved

Dictionary Attacks / Exchange Server 2003

Posted on 2006-10-27
Last Modified: 2008-03-10
We are currently using an outside service company as our email service provider.

Recently our email service has been going down because, apparently, our domain has been the target of dictionary attacks.

Our email service provider's explanation is as follows: "Basically we see upwards of 350,000 emails within 1/2 hour against the server. The return addresses are bogus and the current server does not have the capability to stop this."

Can anyone explain what a dictionary attack is?

Also, if we decide to bring our email 'in-house', what sort of impact will these dictionary attacks have on our Small Business Server 2003?

Finally, is there any type of software that will help to stop these attacks?

Thanks, Sandra
Question by:sandra72
3 Comments
 
LVL 5

Accepted Solution

by:
dynamitedotorg earned 400 total points
ID: 17819232
Dictionary attacks are where email is sent to random addresses at a particular domain in the hope that some of them will work. It can also be used to find out what email addresses exist in a particular domain.

With Exchange 2003 you can enable recipient filtering to block unknown addresses at SMTP time, and with Windows 2003 SP1 you can add tarpitting to slow down dictionary attacks.

Impact-wise, depending on your infrastructure and configuration, the dictionary attacks could flood your internet connection and/or cause unduly high load on your Exchange server.

Tarpitting: http://support.microsoft.com/default.aspx?kbid=842851
0
 

Author Comment

by:sandra72
ID: 17819624
Thanks for the explanation - very helpful.  Is there any type of spam software or hardware that will stop or prevent the attacks from occurring?
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 100 total points
ID: 17819730
Sounds like a directory harvest attack.

If the external company cannot deal with a simple attack of that kind, then they shouldn't be in the business of providing email services commercially. Harsh but that is the way of the world.

Exchange 2003 with Windows 2003 SP1 (which is basically what SBS is with all the latest service packs) has a built-in facility to deal with directory harvest attacks that stops them stone dead. It is called recipient filtering and the tar pit.
http://www.amset.info/exchange/filter-unknown.asp

I enable those options on all of the servers that I deal with and I haven't seen the problem with any of them. Spammers soon give up once they realise that you are using a tar pit.

Simon.
0
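Once recipient filtering rejects unknown addresses at SMTP time, a directory harvest attempt shows up in the logs as one client collecting many rejections for different recipients in a short period. The following is an added example, not part of the original thread and not Exchange's own tooling: it flags such clients from a constructed, simplified log format. The log layout, the 5-minute window and the threshold of 5 are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a simplified, hypothetical format (not the
# real Exchange log layout):
# "<ISO timestamp> <client IP> RCPT <recipient> <SMTP reply code>"
SAMPLE_LOG = """\
2006-10-27T09:00:01 203.0.113.7 RCPT aaron@example.com 550
2006-10-27T09:00:02 203.0.113.7 RCPT abby@example.com 550
2006-10-27T09:00:03 203.0.113.7 RCPT adam@example.com 550
2006-10-27T09:00:04 198.51.100.20 RCPT sandra@example.com 250
2006-10-27T09:00:05 203.0.113.7 RCPT admin@example.com 250
2006-10-27T09:00:06 203.0.113.7 RCPT alan@example.com 550
2006-10-27T09:00:07 203.0.113.7 RCPT alex@example.com 550
2006-10-27T09:07:00 198.51.100.20 RCPT snadra@example.com 550
"""

def parse(line):
    """Split one constructed log line into (time, client_ip, recipient, code)."""
    ts, ip, verb, rcpt, code = line.split()
    if verb != "RCPT":
        raise ValueError("not a RCPT record")
    return datetime.fromisoformat(ts), ip, rcpt, int(code)

def find_harvesters(log_text, window=timedelta(minutes=5), threshold=5):
    """Return {client_ip: peak count} for clients whose distinct rejected
    recipients inside a sliding window reach the threshold.
    Assumes the log lines are in chronological order."""
    recent = defaultdict(deque)   # ip -> deque of (time, recipient) for 550s
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, ip, rcpt, code = parse(line)
        if code != 550:           # 550 = recipient rejected as unknown
            continue
        q = recent[ip]
        q.append((when, rcpt.lower()))
        while when - q[0][0] > window:   # drop entries older than the window
            q.popleft()
        distinct = len({r for _, r in q})
        if distinct >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

if __name__ == "__main__":
    for ip, peak in find_harvesters(SAMPLE_LOG).items():
        print(f"{ip}: {peak} distinct unknown recipients within 5 minutes")
```

Counting distinct rejected recipients, rather than raw rejections, keeps a legitimate sender who mistypes one address from being flagged.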
