nanog mailing list archives

Re: SMTP in distributed DOS

From: I Am Not An Isp <patrick () ianai net>
Date: Sun, 20 Feb 2000 11:59:42 -0800


At 11:04 AM 2/20/00 -0800, Dirk Harms-Merbitz wrote:

>We are currently seeing this first hand: Our real mail.power.net is
>at 207.151.19.8. The attacker is sending individualized emails with
>faked headers that contain "mail.power.net (unverified [209.26.14.22])".
>
>The recipient computers are dumb enough to send their bounces to
>the real mail.power.net.

This is the problem - a mail server stupid enough to send a bounce to anunverified host name, instead of the connecting IP address.



>This is a DOS because the innocent mail server a) gets millions of
>bounces and b) might get black listed on various "anti-spam" lists.

What anti-spam list maintainer would add an unverified host name in aheader? Especially when the IP address does not match the hostname?



>Dirk

TTFN,
patrick

--
  I Am Not An Isp - www.ianai.net
  ISPF, The Forum for ISPs by ISPs, <http://www.ispf.com>
  "Think of it as evolution in action." - Niven & Pournelle
  (Enable?  We dunt need no stinkin' enable!!)

Current thread:

SMTP in distributed DOS Dirk Harms-Merbitz (Feb 20)
- Re: SMTP in distributed DOS I Am Not An Isp (Feb 20)
  - Re: SMTP in distributed DOS Valdis . Kletnieks (Feb 20)
    - Re: SMTP in distributed DOS Adam McKenna (Feb 20)
    - Re: SMTP in distributed DOS Valdis . Kletnieks (Feb 20)
    - Re: SMTP in distributed DOS I Am Not An Isp (Feb 20)
- Re: SMTP in distributed DOS Deepak Jain (Feb 20)
- Re: SMTP in distributed DOS Michael Shields (Feb 21)
  - Re: SMTP in distributed DOS Deepak Jain (Feb 21)
    - Re: SMTP in distributed DOS Michael Shields (Feb 21)
  - Re: SMTP in distributed DOS Steve Sobol (Feb 21)