Dictionary Attacks / Exchange Server 2003

Posted on 2006-10-27
Medium Priority
Last Modified: 2008-03-10
We are currently using an outside service company as our email service provider.

Recently our email service has been going down because, apparently, our domain has been the target of dictionary attacks.

Our email service provider's explanation is as follows:  "Basically we see upwards of 350,000 emails within 1/2 hour against the server.  The return addresses are bogus and the current server does not have the capability to stop this".

Can anyone explain what a dictionary attack is?

Also, if we decide to bring our email 'in-house' what sort of impact will these dictionary attacks have on our Small Business Server 2003?

Finally, is there any type of software that will help to stop these attacks?

Thanks, Sandra
Question by:sandra72

Accepted Solution

dynamitedotorg earned 1600 total points
ID: 17819232
Dictionary attacks are where email is sent to random addresses at a particular domain in the hope that some of them will work. It can also be used to find out what email addresses exist in a particular domain.

With Exchange 2003 you can enable recipient filtering to block unknown addresses at SMTP time, and with Windows 2003 SP1 you can add tarpitting to slow down dictionary attacks.

Impact-wise, depending on your infrastructure and configuration, the dictionary attacks could flood your internet connection and/or cause unduly high load on your Exchange server.

Tarpitting: http://support.microsoft.com/default.aspx?kbid=842851

Author Comment

ID: 17819624
Thanks for the explanation - very helpful.  Is there any type of spam software or hardware that will stop or prevent the attacks from occurring?

Assisted Solution

Sembee earned 400 total points
ID: 17819730
Sounds like a directory harvest attack.

If the external company cannot deal with a simple attack of that kind, then they shouldn't be in the business of providing email services commercially. Harsh but that is the way of the world.

Exchange 2003 with Windows 2003 SP1 (which is basically what SBS is with all the latest service packs) has a built-in facility to deal with directory harvest attacks that stops them stone dead. It is called recipient filtering and the tar pit.

I enable those options on all of the servers that I deal with and I haven't seen the problem with any of them. Spammers soon give up once they realise that you are using a tar pit.
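
Once recipient filtering rejects unknown addresses at SMTP time, a directory harvest shows up in the logs as one source collecting many 550 replies for distinct recipients in a short period. The following is an added example, not part of the original thread or of Exchange itself, that flags such sources and lists the addresses they confirmed as valid. The log format, IP addresses, recipients and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a simplified, assumed format (not a real Exchange log):
# <ISO timestamp> <client IP> RCPT <recipient> <SMTP reply code>
SAMPLE_LOG = """\
2006-10-27T09:00:01 203.0.113.7 RCPT adam@example.com 550
2006-10-27T09:00:02 203.0.113.7 RCPT alan@example.com 550
2006-10-27T09:00:03 203.0.113.7 RCPT alex@example.com 550
2006-10-27T09:00:04 203.0.113.7 RCPT sales@example.com 250
2006-10-27T09:00:05 203.0.113.7 RCPT amy@example.com 550
2006-10-27T09:00:06 203.0.113.7 RCPT andy@example.com 550
2006-10-27T09:00:07 203.0.113.7 RCPT anna@example.com 550
2006-10-27T09:05:00 198.51.100.20 RCPT sales@example.com 250
2006-10-27T09:06:00 198.51.100.20 RCPT slaes@example.com 550
"""

def find_harvesters(log_text, window=timedelta(minutes=30),
                    min_unknown=5, min_reject_ratio=0.8):
    """Flag client IPs whose RCPT attempts inside one sliding window are mostly
    550 rejections spread over many distinct unknown recipients."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[2] != "RCPT" or not fields[4].isdigit():
            continue  # skip blank or malformed lines instead of failing
        ts, ip, _, rcpt, code = fields
        per_ip[ip].append((datetime.fromisoformat(ts), rcpt.lower(), int(code)))

    flagged = {}
    for ip, events in per_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop attempts older than the window
            in_window = events[start:end + 1]
            rejected = [r for _, r, c in in_window if c == 550]
            unknown = set(rejected)
            if (len(unknown) >= min_unknown
                    and len(rejected) / len(in_window) >= min_reject_ratio
                    and len(unknown) > flagged.get(ip, {}).get("unknown", 0)):
                flagged[ip] = {
                    "unknown": len(unknown),
                    "attempts": len(in_window),
                    "confirmed": sorted({r for _, r, c in in_window if c == 250}),
                }
    return flagged

print(find_harvesters(SAMPLE_LOG))
```

The second source in the sample, with a single mistyped recipient, stays below both thresholds and is not flagged.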

