Cisco Web Security Appliance S670 Troubleshooting Guide

ESA DHAP Feature Enablement
Document ID: 117847
Contributed by John Yu and Robert Sherwin, Cisco TAC Engineers.
Jun 25, 2014
Contents
Introduction
Prerequisites
     Requirements
     Components Used
Background Information
Enable DHAP
Introduction
This document describes how to enable the Directory Harvest Attack Prevention (DHAP) feature on the Cisco
Email Security Appliance (ESA) in order to prevent Directory Harvest Attacks (DHAs).
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
• Cisco ESA
• AsyncOS
Components Used
The information in this document is based on all versions of AsyncOS.
The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.
Background Information
A DHA is a technique that is used by spammers in order to locate valid email addresses. There are two main
techniques that are used in order to generate the addresses that DHA targets:
• The spammer creates a list of all possible combinations of letters and numbers, and then appends the
domain name.
• The spammer uses a standard dictionary attack with the creation of a list that combines common first
names, surnames, and initials.
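Both techniques look the same from the receiving side: one connecting host accumulates many rejected recipients in a short time. The following is an added example (not from the Cisco document, and not a description of how DHAP is implemented) that flags such hosts in SMTP logs. The log format, the threshold, and the window are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical format (not AsyncOS output):
# "<ISO timestamp> <remote IP> RCPT <address> <SMTP reply code>"
SAMPLE_LOG = """\
2014-06-25T08:00:00 203.0.113.5 RCPT john.a@example.com 550
2014-06-25T09:30:00 203.0.113.5 RCPT john.b@example.com 550
2014-06-25T10:00:01 192.0.2.10 RCPT aaa@example.com 550
2014-06-25T10:00:02 192.0.2.10 RCPT aab@example.com 550
2014-06-25T10:00:03 192.0.2.10 RCPT aac@example.com 550
2014-06-25T10:00:04 192.0.2.10 RCPT jsmith@example.com 250
2014-06-25T10:00:05 192.0.2.10 RCPT aad@example.com 550
2014-06-25T10:00:06 192.0.2.10 RCPT aae@example.com 550
2014-06-25T10:05:00 198.51.100.7 RCPT jsmiht@example.com 550
2014-06-25T10:05:30 198.51.100.7 RCPT jsmith@example.com 250
2014-06-25T11:00:00 203.0.113.5 RCPT john.c@example.com 550
2014-06-25T12:30:00 203.0.113.5 RCPT john.d@example.com 550
"""

LINE_RE = re.compile(r"^(\S+) (\S+) RCPT (\S+) (\d{3})$")

def find_harvesters(lines, max_invalid=3, window=timedelta(hours=1)):
    """Return {ip: peak count} for hosts whose rejected recipients inside
    any sliding window exceeded max_invalid (both values are assumptions)."""
    recent = defaultdict(deque)   # ip -> timestamps of recent rejections
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # skip lines that are not RCPT records
        ts, ip, _rcpt, code = m.groups()
        if code != "550":
            continue              # only unknown-recipient rejections count
        now = datetime.fromisoformat(ts)
        q = recent[ip]
        q.append(now)
        while now - q[0] > window:
            q.popleft()           # drop rejections older than the window
        if len(q) > max_invalid:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

if __name__ == "__main__":
    print(find_harvesters(SAMPLE_LOG.splitlines()))
```

With the default one-hour window, the host that spaces its attempts 90 minutes apart (203.0.113.5) stays under the threshold, which is why the window length has to be tuned alongside the count.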
The DHAP is a supported feature on the Cisco Content Security Appliances that can be enabled when
Lightweight Directory Access Protocol (LDAP) acceptance validation is used. The DHAP feature keeps track