[GTER] Fw: Weird distributed spam attack
Luiz Eduardo (Doc)
doc at n3tworkZ.com
Fri Nov 22 18:07:00 -02 2002
Anyone out there seeing the same thing?
Regards,
le
----- Original Message -----
From: <dru-nanog at redwoodsoft.com>
To: <nanog at merit.edu>
Sent: Tuesday, November 19, 2002 6:42 PM
Subject: Weird distributed spam attack
>
>
> Unless I missed the posts about this... I just experienced
> (and still am experiencing) a distributed spam
> attack.
>
> I have a small machine at a colo. Today I check my
> inbox and there are 2000+ extra messages to
> a domain I have 'zbot.net'. The messages are doing
> 4 letter combinations for the recipient. (abde, abdf, etc.)
> The from's are all mybestplacetoshop at ainet.us
> I check my qmail queue -> it's at 13405 messages.
> I shut down mail and remove the email from the queue.
>
> Here is the kicker. I check where these are coming from, they
> are from all over the place. I check for IP address spoofing...
> not happening. No IP options or TCP options.
>
> This came from like about 300 different networks, and yes
> I don't accept source routing (IP Options).
>
>
> Anyways, it happened to my machine, I stopped accepting mail
> to that domain from qmail-smtpd, so I'm back to normal.
> If anyone wants a tcpdump of the connection attempts
> or the emails, let me know.
>
>
> Dru Nelson
> San Carlos, California
>
>
>
>
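A detection example for the pattern described in the quoted report (one envelope sender, sequential four-letter recipients, many source networks), added here and not part of the original message. The record tuples, thresholds, 10.x addresses and the example.org / example.net / example.com names are constructed assumptions, not a qmail log format.

```python
import ipaddress
from collections import defaultdict

def local_to_int(local):
    """Read a lowercase a-z local part as a base-26 number (a=0 ... z=25)."""
    n = 0
    for ch in local:
        n = n * 26 + (ord(ch) - ord("a"))
    return n

def int_to_local(n, width=4):
    """Inverse of local_to_int, used only to build the sample data."""
    chars = []
    for _ in range(width):
        n, r = divmod(n, 26)
        chars.append(chr(ord("a") + r))
    return "".join(reversed(chars))

def detect_enumeration(records, domain, min_rcpts=20, min_networks=5):
    """records: (src_ip, mail_from, rcpt_to) tuples. Returns one finding per
    envelope sender that walks fixed-width local parts from many /24s."""
    by_sender = defaultdict(lambda: {"locals": set(), "nets": set()})
    for src_ip, mail_from, rcpt_to in records:
        local, _, rcpt_domain = rcpt_to.lower().rpartition("@")
        if rcpt_domain != domain or not (local.isascii() and local.isalpha()):
            continue
        seen = by_sender[mail_from.lower()]
        seen["locals"].add(local)
        seen["nets"].add(ipaddress.ip_network(src_ip + "/24", strict=False))
    findings = []
    for sender, seen in by_sender.items():
        names, nets = seen["locals"], seen["nets"]
        if len(names) < min_rcpts or len(nets) < min_networks:
            continue
        if len({len(n) for n in names}) != 1:
            continue  # mixed lengths: not a fixed-width walk
        values = sorted(local_to_int(n) for n in names)
        adjacent = sum(1 for a, b in zip(values, values[1:]) if b - a == 1)
        findings.append({"sender": sender, "recipients": len(names),
                         "networks": len(nets),
                         "adjacent_ratio": adjacent / max(len(values) - 1, 1)})
    return findings

def sample_records():
    """Constructed data: 40 sequential recipients from 40 /24s, plus 2 normal mails."""
    start = local_to_int("abde")
    recs = [(f"10.{i % 8}.{i}.25", "bulk@example.net",
             int_to_local(start + i) + "@example.org") for i in range(40)]
    return recs + [("10.200.1.9", "alice@example.com", "info@example.org"),
                   ("10.200.2.9", "bob@example.com", "postmaster@example.org")]
```

An `adjacent_ratio` near 1.0 means the recipients were generated in order, which separates this kind of walk from an ordinary bulk mailing to a real address list.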