[geeks] Surviving a DDoS
Phil Stracchino
phil.stracchino at speakeasy.net
Mon Nov 26 07:11:38 CST 2007

der Mouse wrote:
>> After about 5 minutes of investigating I discovered that I was the
>> recipient of an e-mail resource starvation attack. Someone has a
>> botnet out there that was flooding my e-mail server with bogus
>> connections trying to send e-mail to randomly generated users in my
>> Silicon Security (siliconsec.com) domain.
>
> Do you have any particular reason to think it's an attack per se rather
> than just blowback from a spam run that happened to forge users at your
> domain as the senders? I've seen that happen to two domains I've been
> involved with (my own domain and one of my employer's domains), and it
> looks a lot like a DDoS from the victim's point of view, but isn't
> really one in the usual sense of the term.

That. One of my domains (babcom.com) is no longer usable for email
because of the volume of spam; it has been redirected into a spamcop.net
honeypot for about five years now. I talked to Ellen at SpamCop a
couple weeks ago, and she told me the *baseline* spam rate on that
domain is now about 300,000 deliveries per week, and when some spammer
uses babcom.com as the forged source for a large spam run, they've
occasionally had to shut off the feed from the domain because the sheer
volume has brought SpamCop's mail servers to their knees.
--
Phil Stracchino, CDK#2 ICBM: 43.5607, -71.355
Renaissance Man, Unix ronin, Perl hacker, Free Stater
phil.stracchino at speakeasy.net alaric at caerllewys.net
It's not the years, it's the mileage.