A Reverse NDR (RNDR) attack is an insidious attack that turns the compliance of all mail servers with Internet standards against them. RNDR converts most mail servers into an indirect mail relay by directing spam to fictitious addresses at unprotected domains. This causes the receiving mail server to attempt to return a non-delivery report, usually accompanied by the original spam message. Of course, the spammer has forged the sender address, and that address is the real intended spam victim.

Since first announced publicly by CMS in June 2003, Praetor has provided a successful and proper defense against this attack. Other products claim to address this vulnerability, but their implementations are partial or incorrect. With a partial RNDR defense, spammers can still succeed in this attack. An incorrect implementation creates a vulnerability to the "Directory Harvest" attack.

Praetor also includes a traffic report that specifically monitors Reverse NDR attempts. Using this report, the source IP can be identified and added to the local black list on the IIS SMTP Server.
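
The kind of per-source tally such a report relies on can be sketched as follows. This is an added example, not Praetor's code: the three-field log format, the sample records, the function names and the threshold are all constructed for illustration, and a real IIS SMTP log (W3C extended format) would need its own parser.

```python
from collections import defaultdict

# Constructed sample data: mailboxes that really exist at the protected domain.
LOCAL_DOMAIN = "example.com"
VALID_RECIPIENTS = {"alice@example.com", "bob@example.com"}

# Constructed, simplified records: source IP, MAIL FROM, RCPT TO.
SAMPLE_LOG = """\
203.0.113.7 victim1@target.test qzx81@example.com
203.0.113.7 victim2@target.test nobody77@example.com
203.0.113.7 victim3@target.test zzz@example.com
198.51.100.4 carol@partner.test alice@example.com
198.51.100.4 carol@partner.test bbo@example.com
"""

def parse(log_text):
    """Yield (ip, sender, recipient) from well-formed lines, skipping the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[0], parts[1].lower(), parts[2].lower()

def rndr_report(log_text, valid=VALID_RECIPIENTS, domain=LOCAL_DOMAIN, threshold=3):
    """Return source IPs with at least `threshold` messages to fictitious
    local addresses, along with the sender addresses an NDR would go to."""
    stats = defaultdict(lambda: {"total": 0, "unknown": 0, "ndr_targets": set()})
    for ip, sender, rcpt in parse(log_text):
        if not rcpt.endswith("@" + domain):
            continue  # not addressed to the protected domain
        entry = stats[ip]
        entry["total"] += 1
        if rcpt not in valid:
            # Fictitious recipient: accepting this message would trigger an
            # NDR to the (likely forged) sender, the real spam victim.
            entry["unknown"] += 1
            entry["ndr_targets"].add(sender)
    # A single mistyped address stays below the threshold and is not flagged.
    return {ip: e for ip, e in stats.items() if e["unknown"] >= threshold}

if __name__ == "__main__":
    for ip, e in rndr_report(SAMPLE_LOG).items():
        print(ip, e["unknown"], "of", e["total"], "to unknown recipients;",
              "NDRs would go to", sorted(e["ndr_targets"]))
```

The flagged addresses are candidates for the local black list; the threshold keeps a legitimate sender with one mistyped recipient out of the result.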