A Dispatch


August 06, 2006

Attack of the Dictionaries!

When I first set up my email account (eons ago), the default configuration was what is known as a "catch-all" account. In other words, an email message addressed to any user ID at my domain would be handled as if it were addressed to my preferred user ID.

These days, running your email server with a catch-all account is tantamount to suicide by spam—spamicide, if you will.

My email server is set up to accept messages addressed to only a handful of user names, while any attempted connection for the purpose of sending to a different user name is immediately rejected. If you are a real correspondent, you will be alerted within seconds of clicking the Send button that something is amiss. If you're a spammer sending through zombie PCs, the zombie ignores the rejection and carries on with its mindless spamming to the next address on its list.

I talk more at length about dictionary attacks in Spam Wars, so there's no need to embellish here. I bring up this subject because I noticed a huge spike in attempts to send mail to unassigned user IDs yesterday. The usual background noise of such mail is on the order of 1500-3000 per day. Saturday's spike (visible for one week on the Spam Wars Spam Stats page) shows more than 21,000 such attempts. If I still had my email server set up in catch-all mode, those 21,850 spam messages would have been processed by my spam filters, with some (way too many, probably) getting into my inbox.

In the past, such massive attacks usually came from one IP address (I recall Hong Kong and Canada being past sources). I don't have the time now to look through the logs to find the source, and trying to find the originating IP address is probably a waste of time anyway because the attack was most likely done through a multi-step relay with no traceable (by me) record of the real source.
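The log review described above can be scripted. The following is an added example, not code from the original post: it counts unknown-recipient rejections per day, flags spike days against the median, and lists sources that tried many different unassigned user IDs. The Postfix-style log format, the function names and the thresholds are assumptions (the post does not name its mail server), and the sample log is constructed.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Assumed Postfix-style syslog line for a recipient rejected at RCPT time.
REJECT = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \S+ \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from \S*\[(?P<ip>[^\]]+)\]: 550 \S+ <[^>]*>: "
    r"Recipient address rejected: User unknown.*? to=<(?P<rcpt>[^>]*)>"
)

def summarize(lines):
    """Count rejected attempts per day and collect the user IDs each source tried."""
    per_day = Counter()
    tried = defaultdict(set)          # (day, ip) -> distinct local parts
    for line in lines:
        m = REJECT.match(line)
        if not m:
            continue                  # accepted mail, other rejects, noise
        day = " ".join(m["day"].split())
        per_day[day] += 1
        tried[(day, m["ip"])].add(m["rcpt"].partition("@")[0].lower())
    return per_day, tried

def spike_days(per_day, factor=3):
    """Days whose reject count exceeds `factor` times the median day."""
    base = median(per_day.values())
    return sorted(d for d, n in per_day.items() if n > factor * base)

def dictionary_sources(tried, min_distinct=4):
    """Sources that walked through many different unassigned user IDs in one day."""
    return sorted((d, ip, len(u)) for (d, ip), u in tried.items() if len(u) >= min_distinct)

def sample_log():
    """Constructed log: two quiet days, then one source guessing names on Aug 5."""
    fmt = ("{day} 10:00:{s:02d} mail postfix/smtpd[2211]: NOQUEUE: reject: RCPT from "
           "unknown[{ip}]: 550 5.1.1 <{u}@example.org>: Recipient address rejected: "
           "User unknown in local recipient table; from=<x@sender.example> "
           "to=<{u}@example.org> proto=SMTP helo=<host>")
    rows = [("Aug  3", "198.51.100.9", "sales"), ("Aug  4", "192.0.2.44", "info")]
    rows += [("Aug  5", "203.0.113.7", u) for u in
             ("adam", "alice", "andrew", "anna", "barb", "bob", "Bob")]
    rows.append(("Aug  5", "192.0.2.44", "info"))
    lines = [fmt.format(day=d, ip=ip, u=u, s=i) for i, (d, ip, u) in enumerate(rows)]
    lines.append("Aug  5 10:01:00 mail postfix/smtpd[2211]: connect from unknown[203.0.113.7]")
    return lines

if __name__ == "__main__":
    per_day, tried = summarize(sample_log())
    print(dict(per_day), spike_days(per_day), dictionary_sources(tried))
```

Counting distinct user IDs per source, rather than raw rejections, separates a dictionary run from a single correspondent who keeps mistyping one address.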

These are the kinds of things that occur every day in spamdom. Most ISPs today expend resources fighting off such attacks, and everyday email users aren't even aware that such things happen. But believe me when I say that we're all paying for it one way or another.

Posted on August 06, 2006 at 01:14 AM