Re: [exim] Spamtrap harvesting idea using fake authenticatio…

Inizio della pagina
Questo messaggio è parte di questo thread:
M--\il thread completo ordinato per data
M-\MCyborg at <-
M\MMPhil Pennock at ->
Delete this message
Reply to this message
Autore: Ian Eiloart
Data:  
To: Marc Perkel
CC: exim-users@exim.org users
Oggetto: Re: [exim] Spamtrap harvesting idea using fake authentication

On 6 Jun 2013, at 19:52, Marc Perkel <marc@???> wrote:

> Suppose we reconfigured servers with no authentication configuration to advertise that they take authentication and that you have a fake authenticator that accepts any password.

It might be better to accept only, say, 1% of authentication attempts. That would prevent the hacker from trivially detecting your trap (by authenticating to the same account with two different passwords). You could use the rate limit facility to increase the likelihood of success. Exim doesn't have, as far as I know, a random number generator, but you could perhaps use a hash of the username/password/date string.

--
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148

Questo messaggio è stato inviato alle seguenti mailing lists:
Exim-users
Informazioni sulla Mailing List | Messaggi correlati		<-Re: [exim] someone posted an none working exploit for exim[exim] Security reminder on email address characters->
Tahini and Hummus and Cumin Development Archives amministrato da cumin AdminsLurker (versione 2.3)