nanog mailing list archives
Weird distributed spam attack
From: dru-nanog () redwoodsoft com
Date: Tue, 19 Nov 2002 18:42:54 -0800 (PST)
Unless I missed the posts about this, I just experienced (and am still experiencing) a distributed spam attack.

I have a small machine at a colo. Today I check my inbox and there are 2000+ extra messages to a domain I have, 'zbot.net'. The messages are doing 4 letter combinations for the recipient (abde, abdf, etc.). The froms are all mybestplacetoshop () ainet us.

I check my qmail queue -> it's at 13405 messages. I shut down mail and remove the email from the queue.

Here is the kicker. I check where these are coming from; they are from all over the place. I check for IP address spoofing... not happening. No IP options or TCP options. This came from about 300 different networks, and yes, I don't accept source routing (IP Options).

Anyway, it happened to my machine. I stopped accepting mail to that domain from qmail-smtpd, so I'm back to normal.

If anyone wants a tcpdump of the connection attempts or the emails, let me know.

Dru Nelson
San Carlos, California
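Added example, not part of the original post: a sketch of how the pattern described above (one envelope sender, fixed-length alphabetic recipient guesses at one domain, many source networks) could be flagged from SMTP transaction records. The three-field record format, the sample addresses and domains, and the thresholds are all assumptions constructed for illustration; they are not qmail's native log format.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (not from the post): "source_ip envelope_sender recipient".
# Addresses use documentation ranges; domains are placeholders.
SAMPLE_LOG = """\
192.0.2.10 promo@sender.example abde@victim.example
198.51.100.7 promo@sender.example abdf@victim.example
203.0.113.44 promo@sender.example abdg@victim.example
192.0.2.200 promo@sender.example abdh@victim.example
198.51.100.90 promo@sender.example abdi@victim.example
203.0.113.5 alice@partner.example postmaster@victim.example
203.0.113.5 alice@partner.example sales@victim.example
"""

def parse(log_text):
    """Yield (ip, sender, local_part, domain) from whitespace-separated records."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3 or "@" not in fields[2]:
            continue  # skip malformed lines instead of aborting the scan
        ip, sender, rcpt = fields
        local, _, domain = rcpt.rpartition("@")
        yield ip, sender.lower(), local.lower(), domain.lower()

def find_dictionary_runs(log_text, min_rcpts=5, min_networks=3, prefix=24):
    """Flag (sender, domain) pairs that probe many same-length alphabetic
    local parts from many distinct source networks (thresholds are assumed)."""
    rcpts = defaultdict(set)   # (sender, domain) -> distinct local parts tried
    nets = defaultdict(set)    # (sender, domain) -> distinct source networks
    for ip, sender, local, domain in parse(log_text):
        try:
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        except ValueError:
            continue  # unparseable source address
        rcpts[(sender, domain)].add(local)
        nets[(sender, domain)].add(net)
    flagged = []
    for key, tried in rcpts.items():
        same_length = len({len(name) for name in tried}) == 1
        guessed = same_length and all(name.isalpha() for name in tried)
        if guessed and len(tried) >= min_rcpts and len(nets[key]) >= min_networks:
            flagged.append((key[0], key[1], len(tried), len(nets[key])))
    return flagged
```

Grouping by source network rather than by single IP is what lets this catch a run spread across hundreds of networks, where per-IP rate limits would see only a handful of recipients from each host.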