betabug... Sascha Welter

home english | home deutsch | Site Map | Sascha | Kontakt | Pro | Weblog | Wiki

06 April 2008

Google Mailservers used for Dictionary Attack

Looks like there is trouble

The last few days I noticed a nice, big dictionary attack targeting my lowly mail server. It's not been the first time and I'm not the only target of this, looks like Tor has seen it too. What is interesting about the attack is that it's abusing a lot of google servers...


Here are some sending mail servers spotted in my logs::

relay=wx-out-0506.google.com [66.249.82.227]
relay=fg-out-1718.google.com [72.14.220.158]
relay=wf-out-1314.google.com [209.85.200.174]
relay=py-out-1112.google.com [64.233.166.177]
...

Of course there aren't only google servers abused in the attack, but there are so many of them, that I spotted them immediately in the logs.

Makes me wonder if nobody at super-hightech google noticed this. Searching around on the web I didn't find anything regarding the attacks at first, until I noticed in a comment in this (only slightly related) post about google mailservers being blacklisted at the New York Times that apparently the captcha test for creating gmail accounts has been broken. According to that comment, it might well be that those accounts might be put to use now by the spammers.

The dictionary attack didn't "get through" on my server of course - I didn't notice a single mail being delivered from it. But that is not such a big relief, the ugly things with dictionary attacks is that even if they don't get through, we loose. Every mail that doesn't get through allows them to strike one match off their space of possible addresses. They are also abusing our server resources, but with the mail server set up to deny mails right at the SMTP prompt, without generating bounces, that's not hurting so much.

Posted by betabug at 10:03 | Comments (0) | Trackbacks (1)
ch athens
Life in Athens (Greece) for a foreigner from the other side of the mountains. And with an interest in digital life and the feeling of change in a big city. Multilingual English - German - Greek.
Main blog page
Recent Entries
Best of
Some of the most sought after posts, judging from access logs and search engine queries.

Apple & Macintosh:
Security & Privacy:
Misc technical:
Athens for tourists and visitors:
Life in general:
<< Island Art | Main | Παιδεία στο τιμόνι >>
Comments
There are no comments.
Trackbacks
You can trackback to: http://betabug.ch/blogs/ch-athens/805/tbping
more on the Dictinary attack : Google Mailservers used for Dictionary Attack

Read the linking post here: Gisvold blog at April 06,2008 14:20
Leave a comment