[geeks] Surviving a DDoS

der Mouse mouse at Rodents.Montreal.QC.CA
Mon Nov 26 01:42:41 CST 2007


> After about 5 minutes of investigating I discovered that I was the
> recipient of an e-mail resource starvation attack.  Someone has a
> botnet out there that was flooding my e-mail server with bogus
> connections trying to send e-mail to randomly generated users in my
> Silicon Security (siliconsec.com) domain.

Do you have any particular reason to think it's an attack per se rather
than just blowback from a spam run that happened to forge users at your
domain as the senders?  I've seen that happen to two domains I've been
involved with (my own domain and one of my employer's domains), and it
looks a lot like a DDoS from the victim's point of view, but isn't
really one in the usual sense of the term.

In particular, if the hosts "attacking" you include outbound MTAs for
large mailers like Yahoo and AOL, it probably is mostly blowback.
Capture a few of the messages if you really want to be sure.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse at rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
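
One way to run the "capture a few of the messages" check suggested above, as an added example that is not part of the original post. It assumes each capture is a raw RFC 822 message whose Return-Path header records the envelope sender; the sample messages, hosts and function names are constructed for illustration.

```python
import email
from email.utils import parseaddr

# Constructed sample captures; every host and address is a placeholder.
DSN = '''Return-Path: <>
From: Mail Delivery System <MAILER-DAEMON@mta.bigmailer.example>
To: qx7rk2@victim.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@elsewhere.example failed.
--b1--
'''
OLD_BOUNCE = '''Return-Path: <>
From: postmaster@mx.isp.example
To: zz91ab@victim.example

Returned mail: user unknown. Original message follows.
'''
DIRECT = '''Return-Path: <offers@bulk.example>
From: Offers <offers@bulk.example>
To: k3m8pp@victim.example

Buy now.
'''

def bounce_signals(raw):
    """Return the bounce indicators found in one captured message."""
    msg = email.message_from_string(raw)
    found = []
    if (msg.get("Return-Path") or "").strip() == "<>":
        found.append("null-return-path")   # bounces are sent from the null sender
    if (msg.get_content_type() == "multipart/report"
            and msg.get_param("report-type") == "delivery-status"):
        found.append("dsn-report")         # standard delivery status notification
    local = parseaddr(msg.get("From", ""))[1].split("@")[0].lower()
    if local in ("mailer-daemon", "postmaster"):
        found.append("daemon-sender")
    return found

def blowback_share(captures):
    """Fraction of captures that carry at least one bounce indicator."""
    hits = sum(1 for raw in captures if bounce_signals(raw))
    return hits / len(captures) if captures else 0.0

if __name__ == "__main__":
    print("blowback share:", blowback_share([DSN, OLD_BOUNCE, DIRECT]))
```

A share close to 1.0 across a sample of captures points to blowback from forged senders; a share near 0 means the connections are delivering something other than bounces.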


