directory harvest attack

A directory harvest attack can use either of two methods for harvesting valid e-mail addresses. The first method uses a brute force approach to send a message to all possible alphanumeric combinations that could be used for the username part of an e-mail at the server, up to and including those of length n characters (where n is some preset positive integer such as 15). The second and more selective method involves sending a message to the most likely usernames - for example, for all possible combinations of first initials followed by common surnames. In either case, the e-mail server generally returns a "Not found" reply message for all messages sent to a nonexistent address, but does not return a message for those sent to valid addresses. The DHA program creates a database of all the e-mail addresses at the server that were not returned during the attack.

The DHA approach explains how a new e-mail address can start receiving spam within days or hours after its creation. Various solutions have been developed toward repelling these attacks. Some of the most effective involve slowing down the rate at which the attack can take place, rather than attempting to filter out the entire attack. This can be done by limiting the number of e-mail messages per minute or per hour at which a server can receive messages, legitimate or otherwise. So-called spam filters, programmed to identify character and word combinations typical of spam, can also be effective, although they occasionally reject legitimate messages.

Read more about directory harvest attack: - PC Magazine offers an article about "Understanding Directory Harvest Attacks." - This SearchSecurity.com article asks, "Is your e-mail server ripe for harvesting?" - Postini offers products that help ward off directory harvest attacks.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

BROWSE BY TAG Application and Platform Security,   Application Attacks (Buffer Overflows, Cross-Site Scripting),   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT PCI management: The case for Web application firewalls Expert Michael Cobb lays out the compliance and security benefits of Web application firewalls. Month of Twitter Bugs project to document Twitter flaws Security researcher Aviv Raff will document a number of cross-site scripting (XSS) flaws and other errors threatening Twitter users. Adobe issues first quarterly patch release fixing 13 flaws Adobe's first quarterly security patch release includes fixes for critical vulnerabilities in Adobe Reader and Adobe Acrobat.

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary buffer overflow  (SearchSecurity.com) cache poisoning  (SearchSecurity.com)