directory harvest attack

A directory harvest attack can use either of two methods for harvesting valid e-mail addresses. The first method uses a brute force approach to send a message to all possible alphanumeric combinations that could be used for the username part of an e-mail at the server, up to and including those of length n characters (where n is some preset positive integer such as 15). The second and more selective method involves sending a message to the most likely usernames - for example, for all possible combinations of first initials followed by common surnames. In either case, the e-mail server generally returns a "Not found" reply message for all messages sent to a nonexistent address, but does not return a message for those sent to valid addresses. The DHA program creates a database of all the e-mail addresses at the server that were not returned during the attack.

The DHA approach explains how a new e-mail address can start receiving spam within days or hours after its creation. Various solutions have been developed toward repelling these attacks. Some of the most effective involve slowing down the rate at which the attack can take place, rather than attempting to filter out the entire attack. This can be done by limiting the number of e-mail messages per minute or per hour at which a server can receive messages, legitimate or otherwise. So-called spam filters, programmed to identify character and word combinations typical of spam, can also be effective, although they occasionally reject legitimate messages.

Learn more about Application Attacks (Buffer Overflows, Cross-Site Scripting)

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

More resources from around the web: - PC Magazine offers an article about "Understanding Directory Harvest Attacks." - This SearchSecurity.com article asks, "Is your e-mail server ripe for harvesting?" - Postini offers products that help ward off directory harvest attacks.

FILE EXTENSION AND FILE FORMAT LIST File Extension and File Format List: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

RELATED CONTENT Latest zero-day attacks only target IE 6, Microsoft says Security protections in newer versions of Internet Explorer help defend against ongoing attacks. Software giant urges users to implement workarounds. Social networking security: Twitter, Facebook hacker attacks climbing Roundup: Get the latest news on social networking security and the tactics that cybercriminals are using to break into social network accounts to... Web application attacks security guide: Preventing attacks and flaws This guide explains how Web application attacks occur, identifies Web application attacks, and provides Web application security tools and tactics to...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary buffer overflow  (SearchSecurity.com) cache poisoning  (SearchSecurity.com)