I actually have two problems that are related to hacking issues using email:
- Mail-Relay: my client's SMTP server is being used as an SMTP relay to perform attacks or send SPAM on the Internet. This led to the fact that the client has been black-listed and is having problems using his email.
- Mail-Bomb: our server has received a mail-bomb (or what I thought to be a mail-bomb), since it was flooded by emails from several sources in a continuous way, and the received emails were trying to "reproduce" themselves on the server and get sent to new hosts.
- How can I provide a solution that will prevent these attacks or at least minimize their impact?
- Would a host-based IDS prevent any of these attacks from happening?
- Would you recommend a software to be installed on the SMTP server that will protect it from mail-relay and mail-bomb attacks?
The only way you can prevent yourself from being used as a relay is to properly configure your SMTP server. If you want to prevent email-borne viruses from attacking and/or propagating themselves through your SMTP server, the way to do it is to use an email-based anti-virus solution loaded on your server, or to pass all traffic through one of the new anti-virus appliances hitting the market now. With the rapid development of worms and their ability to mutate themselves, trying to keep IDS signatures updated rapidly enough would be next to impossible.
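What a properly configured relay policy decides for each recipient, as an added example that is not part of the original thread or any particular mail server's code. The local domain, the trusted network and the function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumed values for illustration (not from the original thread).
LOCAL_DOMAINS = {"example.com"}                         # domains this server hosts
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # internal clients allowed to relay


def rcpt_domain(address):
    """Return the lowercased domain of an RCPT TO address, or None if unusable."""
    addr = address.strip().strip("<>")
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return None
    # Conservative choice: refuse routing characters in the local part, so an
    # address that merely ends in a local domain cannot smuggle in a second hop.
    if any(c in local for c in "%!@"):
        return None
    return domain.lower().rstrip(".")


def relay_decision(client_ip, authenticated, rcpt):
    """Classify one RCPT TO command as 'deliver', 'relay' or 'reject'."""
    domain = rcpt_domain(rcpt)
    if domain is None:
        return "reject"
    if domain in LOCAL_DOMAINS:
        return "deliver"      # inbound mail for a hosted domain: anyone may send
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in TRUSTED_NETS):
        return "relay"        # outbound mail from a known client
    return "reject"           # unknown client and foreign recipient: refuse


if __name__ == "__main__":
    # Constructed sample sessions: (client IP, authenticated?, recipient).
    for session in [
        ("203.0.113.9", False, "<bob@example.com>"),
        ("192.0.2.15", False, "<alice@other.test>"),
        ("203.0.113.9", False, "<victim@other.test>"),
    ]:
        print(session, "->", relay_decision(*session))
```

An open relay is a server where the last branch returns "relay" instead of "reject"; real mail servers express the same rule through their own recipient and relay restriction settings.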