Solved

Dictionary Attacks / Exchange Server 2003

Posted on 2006-10-27
3
556 Views
Last Modified: 2008-03-10
We are currently using an outside service company as our email service provider.

Recently our email service has been going down because, apparently, our domain has been the target of dictionary attacks.

Our email service provider's explanation is as follows:  "Basically we see upwards of 350,000 emails within 1/2 hour against the server".  The return addresses are bogus and the current server does not have the capability to stop this".

Can anyone explain what a dictionary attack is?

Also, if we decide to bring our email 'in-house' what sort of impact will these dictionary attacks have on our Small Business Server 2003?

Finally, is there any type of software that will help to stop these attacks?

Thanks, Sandra
0
Comment
Question by:sandra72
3 Comments
 
LVL 5

Accepted Solution

by:
dynamitedotorg earned 400 total points
ID: 17819232
Dictionary attacks are where email is sent to random address at a particular domain in the hope that some of them will work. It can also be used to find out what email addresses exist in a particular domain.

With Exchange 2003 you can enable recipient filtering to block unknown addresses at SMTP time, and with Windows 2003 SP1 you can add tarpitting to slow down dictionary attacks.

Impact wise, depending on your infrastructure and configuration, the dictionary attacks could flood your internet connection and/or cause unduly high load on your Exchange server.

Tarpitting: http://support.microsoft.com/default.aspx?kbid=842851
0
 

Author Comment

by:sandra72
ID: 17819624
Thanks for the explanation - very helpful.  Is there any type of spam software or hardware that will stop or prevent the attacks from occurring?
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 100 total points
ID: 17819730
Sounds like a directory harvest attack.

If the external company cannot deal with a simple attack of that kind, then they shouldn't be in the business of providing email services commercially. Harsh but that is the way of the world.

Exchange 2003 with Windows 2003 SP1 (which is basically what SBS is with all the latest service packs) has a built in facility to deal with directory harvest attacks that stops them stone dead. It is called recipient filtering and the tar pit.
http://www.amset.info/exchange/filter-unknown.asp

I enable those options on all of the servers that I deal with and I haven't seen the problem with any of them. Spammers soon give up once they realise that you are using a tar pit.

Simon.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question