RE: Block notification / bounce mails (as in DDOS)

["Aditya, ALD [Aditya Lalit Deshmukh]" <aditya.deshmukh () online gateway technolabs net>]

point the mx to 127.0.0.1 or localhost for 3 days

> -----Original Message-----
> From: full-disclosure-admin () lists netsys com
> [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Koen
> Sent: Thursday, April 01, 2004 8:29 PM
> To: full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] Block notification / bounce mails (as in
> DDOS)
>
>
> Niek Baakman wrote:
> > > <question>
> > > What would you do when a spammer uses your mail-address as the "From:" 
> > > and the mails that are sent by the spammer get all bounced back by 
> > > legitimated mail-servers to your mailhandlers? All the bounces would 
> > > return to you - as you are the 'from' (assume a rate of 1.000 a 
> > > minute) and this traffic would kill your network-connection. You 
> > > wouldn't be able to receive any mail because your mailserver can no 
> > > longer handle the load
> > > </question>
> >
> > - Apply filters on your mailserver.
> These filters will not react because my mailserver 'is' already dead.
> > - If it doesn't harm other employees: temp. change the mx record.
> How would changing my mx-records affect the outcome?
> When the first mailhandler can't handle the load, mail will be 
> picked up by 
> the 'backup-mailserver'..but this would in effect only cascade to 
> the other 
> (backup)mailservers and as a result they would eventually also 
> dye. I think 
> this is only a solution if I can add serveral (and I mean lots of) 
> backupmailservers so that the load is spread. I think this is not 
> really an 
> option.
>
> Thanks for the reponse.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html