nanog mailing list archives
Re: Distributed Dictonary email slam
From: Barney Wolff <barney () databus com>
Date: Sun, 5 Sep 2004 21:12:31 -0400
On Sun, Sep 05, 2004 at 03:39:50PM -0600, Matt Hess wrote:
> And of course a few suggestions to mitigate this would be appreciated.. I currently employ multiple blacklists such as spamcop.net, abuseat.org, spews level 1 and 2, and spamhaus, plus my own blocklists for China and Korea to check on incoming email source addresses.
Happened to me a few times, which is funny for a 1-man company with very few legit user-ids - >100K requests per day for nonexistent users. I used ipfw to limit each sender to 1 simultaneous conns, turned on sendmail's delay on bad users after 1 and edited the sendmail source to wait 10 sec before responding rather than 1. That seems to have discouraged them some.

As has been mentioned, the key is either not to have/be a secondary mx or to make it smart enough to know who's valid, to avoid DoSing the forged senders.

--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
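
Added example, not part of the original post: the per-sender limits described above act on one source at a time, so when the guesses are spread across many senders it helps to also count "User unknown" rejections across all relays in a window. The log layout is a simplified, constructed sendmail-style format, and both thresholds are illustrative assumptions.

```python
import re
from collections import Counter

# Constructed sample in a simplified sendmail-style layout (not real log data).
SAMPLE_LOG = """\
Sep  5 21:00:01 mx sendmail[101]: q1: <aaron@example.com>... User unknown
Sep  5 21:00:02 mx sendmail[101]: q1: <abby@example.com>... User unknown
Sep  5 21:00:03 mx sendmail[101]: q1: from=<a@forged.test>, nrcpts=0, relay=[192.0.2.10]
Sep  5 21:00:04 mx sendmail[102]: q2: <adam@example.com>... User unknown
Sep  5 21:00:05 mx sendmail[102]: q2: <adele@example.com>... User unknown
Sep  5 21:00:06 mx sendmail[102]: q2: from=<b@forged.test>, nrcpts=0, relay=[198.51.100.7]
Sep  5 21:00:07 mx sendmail[103]: q3: <alan@example.com>... User unknown
Sep  5 21:00:08 mx sendmail[103]: q3: <alex@example.com>... User unknown
Sep  5 21:00:09 mx sendmail[103]: q3: from=<c@forged.test>, nrcpts=0, relay=[203.0.113.44]
Sep  5 21:00:10 mx sendmail[104]: q4: from=<friend@legit.test>, nrcpts=1, relay=[192.0.2.99]
"""

UNKNOWN = re.compile(r"sendmail\[\d+\]: (\w+): <([^>]+)>\.\.\. User unknown")
RELAY = re.compile(r"sendmail\[\d+\]: (\w+): from=<[^>]*>.*relay=\[([\d.]+)\]")

def unknown_by_relay(log_text):
    """Count 'User unknown' rejections per relay IP, joined on the queue ID."""
    pending = Counter()    # queue ID -> rejections seen before its relay line
    per_relay = Counter()
    for line in log_text.splitlines():
        if m := UNKNOWN.search(line):
            pending[m.group(1)] += 1
        elif m := RELAY.search(line):
            per_relay[m.group(2)] += pending.pop(m.group(1), 0)
    return +per_relay      # unary plus drops relays with a zero count

def classify(per_relay, per_ip_limit=5, total_limit=6):
    """Label the window; both limits are illustrative assumptions."""
    total = sum(per_relay.values())
    if any(n >= per_ip_limit for n in per_relay.values()):
        return "single-source"
    if total >= total_limit:
        return "distributed"   # no one IP stands out, but the sum does
    return "normal"

if __name__ == "__main__":
    counts = unknown_by_relay(SAMPLE_LOG)
    print(dict(counts), classify(counts))
```

In the constructed sample no relay reaches the per-IP limit, yet the window is still flagged because the total across relays does.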