Security Incidents mailing list archives
Re: Distributed spam-based DoS in progress
From: Transistor Sister <raven () cybercom net>
Date: Tue, 18 Feb 2003 21:35:33 -0500 (EST)
On Tue, 18 Feb 2003, Kee Hinckley wrote:
One theory I've heard on this is that the script kiddies are using spam for DoS attacks under the (probably correct) assumption that if you report it to the relevant authorities they will dismiss it as "just being spam." This was from someone who had in fact tried to report such a DoS attack and received just that response.
I phoned CERT and they said pretty much the same thing, but for all intents and purposes spam pretty much stops becoming spam when it becomes a denial of service. It seems that there are very few people out there who have seen this but I'm sure it's not far off from becoming more prevalent. After we got the situation under control we took a look at the data and found that we are the victim of a dictionary attack. Basically this guy is hitting us using a huge list of users. Some are random, but others look like they may have been culled from another victim site. After getting lots of great advice from members on this list, we have implemented RBL. Thousands of messages are now being refused and the mail relays are staying up. Thanks to all for your assistance. Regards, .Sarah ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Distributed spam-based DoS in progress Transistor Sister (Feb 17)
- Re: Distributed spam-based DoS in progress Hugo van der Kooij (Feb 18)
- Re: Distributed spam-based DoS in progress Valdis . Kletnieks (Feb 18)
- Re: Distributed spam-based DoS in progress Kee Hinckley (Feb 19)
- Re: Distributed spam-based DoS in progress Transistor Sister (Feb 19)
- Re: Distributed spam-based DoS in progress Rohan Amin (Feb 20)
- RE: Distributed spam-based DoS in progress Steve Drees (Feb 19)
- Re: Distributed spam-based DoS in progress Transistor Sister (Feb 19)
- <Possible follow-ups>
- RE: Distributed spam-based DoS in progress Dave Hart (Feb 18)
- RE: Distributed spam-based DoS in progress Hugo van der Kooij (Feb 19)
- RE: Distributed spam-based DoS in progress Dave Hart (Feb 19)
- Re: Distributed spam-based DoS in progress Hugo van der Kooij (Feb 18)