New mail blocks result of Ralsky's latest attacks?

Suresh Ramasubramanian suresh at outblaze.com
Fri Oct 10 15:27:06 UTC 2003


Brian Bruns writes on 10/10/2003 8:42 PM:

> Tis one of the reasons why I've disabled SMTP AUTH on all of my servers 
> for now.  I've known about this for a few weeks now.  Its not 
> surprising.  Most of the servers cracked are Exchange servers (probably 
> thanks to weak passwords), but I still don't feel like taking a chance.

Exchange (and MDaemon) seem to be targeted extensively - they have 
admin:admin and guest:guest type default accounts that, if they aren't 
locked down, can be used to AUTH and send out mail.

-- 
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations




More information about the NANOG mailing list