Educause Security Discussion mailing list archives
Strange spammer 'attack'
From: Pete Hickey <pete () SHADOWS UOTTAWA CA>
Date: Wed, 20 Apr 2011 09:42:09 -0400
It's coming from a botnet... tens of thousands of different IP addresses. It's slow enough so that it does not noticeably disrupt our mail flow.

The To: is about 90% accurate.... seems like a regular spammers list it's working from.

The From: is the interesting part. All from yahoo.com and yahoo.com.uk. The userid part is random... very random.... except for the part about mixed case and special characters, they would make hard to guess passwords. Each one is used once or twice. There are hundreds of thousands of them.

I'm guessing that they're trying to break our graylisting database. Filling it with so much garbage that it overflows. It's the only thing that makes sense to me.

Other ideas?

--
Pete Hickey
The University of Ottawa
Ottawa, Ontario
Canada
"Everyone knows someone who knows someone else"
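An added example, not part of the original message: one way to measure the pattern described above (many distinct sender local parts per domain, each seen only once or twice) in a greylisting store. It assumes entries can be exported as (client IP, envelope sender, recipient) tuples; the function names, thresholds and sample data are constructed for illustration.

```python
from collections import Counter, defaultdict

def sender_churn(triplets, min_senders=50, max_mean_uses=2.0):
    """Flag sender domains whose greylist entries consist of many distinct
    local parts that each appear only once or twice (assumed thresholds)."""
    uses = defaultdict(Counter)   # domain -> Counter of local parts
    ips = defaultdict(set)        # domain -> distinct client IPs
    for client_ip, sender, _rcpt in triplets:
        local, _, domain = sender.rpartition("@")
        domain = domain.lower()   # domains are case-insensitive, local parts are not
        uses[domain][local] += 1
        ips[domain].add(client_ip)
    flagged = {}
    for domain, counter in uses.items():
        distinct = len(counter)
        entries = sum(counter.values())
        mean_uses = entries / distinct
        if distinct >= min_senders and mean_uses <= max_mean_uses:
            flagged[domain] = {
                "senders": distinct,
                "entries": entries,
                "mean_uses": round(mean_uses, 2),
                "ips": len(ips[domain]),
            }
    return flagged

def constructed_sample():
    """Constructed greylist entries: one churning domain, one normal list sender."""
    rows = []
    for i in range(300):
        ip = f"198.51.100.{i % 250 + 1}"          # documentation address range
        sender = f"xK{i:04d}qZ@yahoo.com"          # each local part used once or twice
        rows.append((ip, sender, f"user{i % 40}@example.edu"))
        if i % 3 == 0:
            rows.append((ip, sender, f"user{(i + 1) % 40}@example.edu"))
    for i in range(200):                           # five stable senders, one relay
        rows.append(("203.0.113.10", f"list{i % 5}@example.org",
                     f"user{i % 40}@example.edu"))
    return rows

if __name__ == "__main__":
    for domain, stats in sender_churn(constructed_sample()).items():
        print(domain, stats)
```

A domain flagged here is contributing entries that are unlikely to ever be retried, which is the growth to watch when sizing or expiring the greylist table.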