|
|
|
|
|
|
by dangus
502 days ago
|
|
|
You're right, it's not clever at all, the attacker just happened to find a completely zero authentication internal service. They might have even done so via an automated tool like some kind of script kiddie network scanning program. This is the kind of dumb stuff we were doing 30 years ago: making the assumption that being physically on the network implies authentication. There's zero excuse to have a no-auth SMTP server, or anything else for that matter. |
|
|