[GTER] Fw: Weird distributed spam attack
Luiz Eduardo (Doc)
doc at n3tworkZ.com
Mon Nov 25 15:51:00 -02 2002
Reenviando.
Não tenho recebido emails da lista.
[]s
le
----- Original Message -----
From: "Luiz Eduardo (Doc)" <doc at n3tworkZ.com>
To: <gter at eng.registro.br>
Sent: Friday, November 22, 2002 12:06 PM
Subject: Fw: Weird distributed spam attack
> Alguém aí vendo a mesma coisa?
>
> []s
> le
>
> ----- Original Message -----
> From: <dru-nanog at redwoodsoft.com>
> To: <nanog at merit.edu>
> Sent: Tuesday, November 19, 2002 6:42 PM
> Subject: Weird distributed spam attack
>
>
> >
> >
> > Unless, I missed the posts about this,.. I just
> > (and still am experiencing) a distributed spam
> > attack.
> >
> > I have a small machine at a colo. Today I check my
> > inbox and there are 2000+ extra messages to
> > a domain I have 'zbot.net'. The messages are doing
> > 4 letter combinations for the recipient. (abde, abdf, etc.)
> > The from's are all mybestplacetoshop at ainet.us
> > I check my qmail queue -> its at 13405 messages.
> > I shut down mail and remove the email from the queue.
> >
> > Here is the kicker. I check where these are coming from, they
> > are from all over the place. I check for IP address spoofing...
> > not happening. No IP options or TCP options.
> >
> > This came from like about 300 different networks, and yes
> > I don't accept source routing (IP Options).
> >
> >
> > Anyways, it happened to my machine, I stopped accepting mail
> > to that domain from qmail-smtpd, so I'm back to normal.
> > If anyone want's a tcpdump of the connection attempts
> > or the emails. Let me know.
> >
> >
> > Dru Nelson
> > San Carlos, California
> >
> >
> >
> >
>
More information about the gter
mailing list