Dictionary Attacks / Exchange Server 2003

We are currently using an outside service company as our email service provider.

Recently our email service has been going down because, apparently, our domain has been the target of dictionary attacks.

Our email service provider's explanation is as follows: "Basically we see upwards of 350,000 emails within 1/2 hour against the server. The return addresses are bogus and the current server does not have the capability to stop this".

Can anyone explain what a dictionary attack is?

Also, if we decide to bring our email 'in-house' what sort of impact will these dictionary attacks have on our Small Business Server 2003?

Finally, is there any type of software that will help to stop these attacks?

Thanks, Sandra
Asked by: sandra72
 
dynamitedotorg commented:
Dictionary attacks are where email is sent to random addresses at a particular domain in the hope that some of them will work. It can also be used to find out what email addresses exist in a particular domain.

With Exchange 2003 you can enable recipient filtering to block unknown addresses at SMTP time, and with Windows 2003 SP1 you can add tarpitting to slow down dictionary attacks.

Impact-wise, depending on your infrastructure and configuration, the dictionary attacks could flood your internet connection and/or cause unduly high load on your Exchange server.

Tarpitting: http://support.microsoft.com/default.aspx?kbid=842851
 
sandra72 (author) commented:
Thanks for the explanation - very helpful.  Is there any type of spam software or hardware that will stop or prevent the attacks from occurring?
 
Sembee commented:
Sounds like a directory harvest attack.

If the external company cannot deal with a simple attack of that kind, then they shouldn't be in the business of providing email services commercially. Harsh but that is the way of the world.

Exchange 2003 with Windows 2003 SP1 (which is basically what SBS is with all the latest service packs) has a built-in facility to deal with directory harvest attacks that stops them stone dead. It is called recipient filtering and the tar pit.
http://www.amset.info/exchange/filter-unknown.asp

I enable those options on all of the servers that I deal with and I haven't seen the problem with any of them. Spammers soon give up once they realise that you are using a tar pit.

Simon.
Question has a verified solution.
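
Added example (not part of the original thread and not Exchange's own code): a small Python model of the two defenses the answers name, rejecting unknown recipients at SMTP time and delaying each rejection (the tar pit). The addresses, source IPs, reply strings, the 5-second delay and the flagging threshold are constructed assumptions.

```python
"""Model of SMTP-time recipient filtering plus a tarpit (constructed example)."""
from collections import defaultdict

# Constructed sample data: the domain's real mailboxes and assumed settings.
VALID_RECIPIENTS = {"sandra@example.com", "accounts@example.com"}
TARPIT_SECONDS = 5       # assumed delay added before each 5xx reply
HARVEST_THRESHOLD = 3    # assumed: rejected RCPTs per source before flagging


class RecipientFilter:
    def __init__(self, valid, tarpit_seconds, threshold):
        self.valid = {a.lower() for a in valid}
        self.tarpit_seconds = tarpit_seconds
        self.threshold = threshold
        self.rejects = defaultdict(int)  # source IP -> rejected RCPT count

    def rcpt_to(self, source_ip, address):
        """Return (smtp_reply, delay_seconds) for one RCPT TO command."""
        if address.strip().lower() in self.valid:
            return "250 2.1.5 Recipient OK", 0
        self.rejects[source_ip] += 1
        # Unknown mailbox: refuse inside the SMTP session, after the delay,
        # so no message is accepted and no bounce goes to a bogus sender.
        return "550 5.1.1 User unknown", self.tarpit_seconds

    def suspected_harvesters(self):
        """Sources whose rejected-recipient count reached the threshold."""
        return sorted(ip for ip, n in self.rejects.items() if n >= self.threshold)


def replay(filt, session):
    """Feed (source_ip, address) pairs through the filter.

    Returns the total tarpit delay, in seconds, imposed on each source.
    """
    cost = defaultdict(int)
    for ip, addr in session:
        _, delay = filt.rcpt_to(ip, addr)
        cost[ip] += delay
    return dict(cost)


# Constructed traffic: one guessing source, one legitimate sender with a typo.
SAMPLE = [("203.0.113.9", f"{name}@example.com")
          for name in ("adam", "alice", "sandra", "bob", "carol")]
SAMPLE += [("198.51.100.4", "accounts@example.com"),
           ("198.51.100.4", "acounts@example.com")]

if __name__ == "__main__":
    f = RecipientFilter(VALID_RECIPIENTS, TARPIT_SECONDS, HARVEST_THRESHOLD)
    print(replay(f, SAMPLE), f.suspected_harvesters())
```

The guessing source accumulates delay on every miss and crosses the threshold, while the legitimate sender's single typo costs one delay and is not flagged.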
