Ned Freed wrote:
On every SMTP server in the world, the first 100 to 250 bytes sent by
the server after TLS negotiation completes are both constant and known:
they're the EHLO response. So that got me wondering if randomizing the
EHLO response could be helpful in mitigating statistical attacks.
An even simpler thing to do, and which introduces far more variability in the
initial server response than reordering is to return something like this:
C: EHLO 1.com
S: 250-XRAND p9g8u340prt8u390pr83uyfo983yro937yr9o37yr397h
Yep, that would be a lot more effective, with one addition: randomize
the length of that string.
All pending any thoughts on whether this is statistically interesting or
just moving the deck chairs. Even the latter might be useful for putting
a shiny red sticker on the box that says "Now Resists the BEAST!"
(Curse djb for not coming up with a clever name for their attack....)
ietf-smtp mailing list
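
Added example, not part of the original message or of any mail server's code: a Python sketch of the EHLO reply discussed in the thread, with a random-length random token and the extension lines in shuffled order. XRAND is the hypothetical keyword from the message, not a registered SMTP extension; the function names, the 16 to 64 character token range and the placement of XRAND directly after the greeting line are assumptions.

```python
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits
_rng = secrets.SystemRandom()  # CSPRNG-backed source for the shuffle

def xrand_token(min_len=16, max_len=64):
    """Random token whose length is itself drawn at random (assumed range)."""
    n = min_len + secrets.randbelow(max_len - min_len + 1)
    return "".join(secrets.choice(ALPHABET) for _ in range(n))

def build_ehlo_response(server_name, extensions, min_len=16, max_len=64):
    """Return the multi-line 250 reply to EHLO as bytes.

    The greeting line stays first, as the RFC 5321 reply syntax requires;
    the hypothetical XRAND line follows it and the real extensions are
    emitted in shuffled order.
    """
    exts = list(extensions)
    _rng.shuffle(exts)
    lines = [server_name, "XRAND " + xrand_token(min_len, max_len)] + exts
    out = []
    for i, text in enumerate(lines):
        sep = " " if i == len(lines) - 1 else "-"  # last line ends the reply
        line = "250" + sep + text + "\r\n"
        if len(line) > 512:  # RFC 5321 reply-line limit, CRLF included
            raise ValueError("reply line too long")
        out.append(line)
    return "".join(out).encode("ascii")

def parse_keywords(reply):
    """Client-side view: the keyword set, ignoring order and the XRAND line."""
    lines = reply.decode("ascii").split("\r\n")[1:-1]  # drop greeting, trailing ""
    return {l[4:].split(" ")[0].upper() for l in lines} - {"XRAND"}

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    sample = ["PIPELINING", "SIZE 10240000", "8BITMIME", "ENHANCEDSTATUSCODES"]
    print(build_ehlo_response("mx.example.org", sample).decode("ascii"), end="")
```

A client that ignores unknown keywords sees the same capability set on every connection, while the reply's byte content, line order and total length differ each time.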