For more than 20 years, e-mail has been one of the most important applications on the Internet. SMTP forms the backbone for most e-mail transfer. Because of its popularity, it is also the source of many security problems. Below is a list of some of the more common attacks against SMTP servers.

- pipe
- Attempts to forward e-mail to a program it can run
- DEBUG
- Old admin backdoor
- HELO very long
- Intruder may be attempting a "buffer-overflow" exploit.
- EXPN
- Attempts to find users by scanning the e-mail server.
- VRFY
- Attempts to find users by scanning the e-mail server.
- WIZ
- Very old admin backdoor
- Too many recipients
- Spammer may be attempting to abuse your e-mail system by relaying spam through it.
- corrupted MAIL command
- Intruder may be attempting to compromise the system.
- email name very long
- Intruder may be attempting a "buffer-overflow" exploit.
- corrupted RCPT command
- Intruder may be attempting to compromise the system.
- command very long
- Intruder may be attempting a "buffer-overflow" exploit.
- mail to decode alias
- Intruder may be attempting to compromise the system.
- mail to uudecode alias
- Intruder may be attempting to compromise the system.
- too many errors
- Suspicious activity seen that may be part of an attempt to breach the system.
- MIME file name very long
- Intruder may be attempting to compromise e-mail clients.
- uucp-style recipient
- Intruder may be attempting to relay spam through the system.
- login failed
- Many failed attempts have been made to log in to the system, indicating a possible attempt at guessing passwords.
- Telnet abuse
- Somebody opens a command shell directly to the e-mail server and noses around.
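
As an added example (not part of the original page), the sketch below shows how the signatures in this list that are visible in client command lines could be matched against one SMTP session. The function names are hypothetical, and the size limits are assumptions taken from RFC 5321, since the page gives no thresholds.

```python
import re

# Assumed limits (RFC 5321 sizes, not values from the page): octets per command
# line with CRLF, HELO domain length, mailbox path length, recipients per mail.
MAX_COMMAND, MAX_HELO, MAX_ADDRESS, MAX_RCPT = 512, 255, 256, 100
PATH = {"MAIL": re.compile(r"FROM:\s*<([^<>]*)>(\s.*)?", re.I),
        "RCPT": re.compile(r"TO:\s*<([^<>]*)>(\s.*)?", re.I)}

def check_recipient(addr):
    """Signatures raised by one RCPT address (hypothetical helper)."""
    local = addr.replace('"', "").split("@")[0].strip().lower()
    hits = set()
    if local.startswith("|"):
        hits.add("pipe")
    if local in ("decode", "uudecode"):
        hits.add(f"mail to {local} alias")
    if "!" in addr:
        hits.add("uucp-style recipient")
    return hits

def inspect_session(commands):
    """Return the signature names raised by one session's client command lines."""
    alerts, rcpts = set(), 0
    for line in commands:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if len(line) + 2 > MAX_COMMAND:
            alerts.add("command very long")
        if verb in ("DEBUG", "WIZ", "VRFY", "EXPN"):
            alerts.add(verb)
        elif verb in ("HELO", "EHLO") and len(arg) > MAX_HELO:
            alerts.add("HELO very long")
        elif verb in PATH:
            m = PATH[verb].fullmatch(arg.strip())
            if m is None:
                alerts.add(f"corrupted {verb} command")
                continue
            if len(m.group(1)) > MAX_ADDRESS:
                alerts.add("email name very long")
            rcpts = rcpts + 1 if verb == "RCPT" else 0  # MAIL starts a new transaction
            if rcpts > MAX_RCPT:
                alerts.add("Too many recipients")
            if verb == "RCPT":
                alerts |= check_recipient(m.group(1))
    return alerts

# Constructed sample session, not captured traffic.
SAMPLE = ["HELO " + "a" * 300, "VRFY root", "MAIL FROM:<alice@example.org>",
          "RCPT TO:<decode@mail.example.org>", "RCPT TO bob@example.org", "WIZ"]
```

Calling `inspect_session(SAMPLE)` returns the set of signature names raised by the sample. Signatures that depend on server replies or message content (too many errors, login failed, MIME file name very long) are outside what this sketch inspects.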