Solved

Dictionary Attacks / Exchange Server 2003

Posted on 2006-10-27
3
559 Views
Last Modified: 2008-03-10
We are currently using an outside service company as our email service provider.

Recently our email service has been going down because, apparently, our domain has been the target of dictionary attacks.

Our email service provider's explanation is as follows:  "Basically we see upwards of 350,000 emails within 1/2 hour against the server".  The return addresses are bogus and the current server does not have the capability to stop this".

Can anyone explain what a dictionary attack is?

Also, if we decide to bring our email 'in-house' what sort of impact will these dictionary attacks have on our Small Business Server 2003?

Finally, is there any type of software that will help to stop these attacks?

Thanks, Sandra
0
Comment
Question by:sandra72
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 5

Accepted Solution

by:
dynamitedotorg earned 400 total points
ID: 17819232
Dictionary attacks are where email is sent to random address at a particular domain in the hope that some of them will work. It can also be used to find out what email addresses exist in a particular domain.

With Exchange 2003 you can enable recipient filtering to block unknown addresses at SMTP time, and with Windows 2003 SP1 you can add tarpitting to slow down dictionary attacks.

Impact wise, depending on your infrastructure and configuration, the dictionary attacks could flood your internet connection and/or cause unduly high load on your Exchange server.

Tarpitting: http://support.microsoft.com/default.aspx?kbid=842851
0
 

Author Comment

by:sandra72
ID: 17819624
Thanks for the explanation - very helpful.  Is there any type of spam software or hardware that will stop or prevent the attacks from occurring?
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 100 total points
ID: 17819730
Sounds like a directory harvest attack.

If the external company cannot deal with a simple attack of that kind, then they shouldn't be in the business of providing email services commercially. Harsh but that is the way of the world.

Exchange 2003 with Windows 2003 SP1 (which is basically what SBS is with all the latest service packs) has a built in facility to deal with directory harvest attacks that stops them stone dead. It is called recipient filtering and the tar pit.
http://www.amset.info/exchange/filter-unknown.asp

I enable those options on all of the servers that I deal with and I haven't seen the problem with any of them. Spammers soon give up once they realise that you are using a tar pit.

Simon.
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question