[GTER] Fw: Weird distributed spam attack

Mauro Severo Moreira mauro at funiber.org.br
Mon Nov 25 16:01:00 -02 2002 

Mas ela continua viva.... acredite!
:o)
_____________________________________
Mauro Severo Moreira -  admin. da rede.
suportebrasil at funiber.org
Fone  +55 48 237-2909
Fundação Universitária Iberoamericana - Brasil
http://funiber.org.br
Av. Campeche, 1255 - Cep: 88063-300
Florianópolis - SC - Brasil
_____________________________________
----- Original Message -----
From: "Luiz Eduardo (Doc)" <doc at n3tworkZ.com>
To: <gter at eng.registro.br>
Sent: Monday, November 25, 2002 3:50 PM
Subject: [GTER] Fw: Weird distributed spam attack


> Reenviando.
>
> Não tenho recebido emails da lista.
>
> []s
> le
> ----- Original Message -----
> From: "Luiz Eduardo (Doc)" <doc at n3tworkZ.com>
> To: <gter at eng.registro.br>
> Sent: Friday, November 22, 2002 12:06 PM
> Subject: Fw: Weird distributed spam attack
>
>
> > Alguém aí vendo a mesma coisa?
> >
> > []s
> > le
> >
> > ----- Original Message -----
> > From: <dru-nanog at redwoodsoft.com>
> > To: <nanog at merit.edu>
> > Sent: Tuesday, November 19, 2002 6:42 PM
> > Subject: Weird distributed spam attack
> >
> >
> > >
> > >
> > > Unless, I missed the posts about this,.. I just
> > > (and still am experiencing) a distributed spam
> > > attack.
> > >
> > > I have a small machine at a colo. Today I check my
> > > inbox and there are 2000+ extra messages to
> > > a domain I have 'zbot.net'. The messages are doing
> > > 4 letter combinations for the recipient. (abde, abdf, etc.)
> > > The from's are all mybestplacetoshop at ainet.us
> > > I check my qmail queue -> its at 13405 messages.
> > > I shut down mail and remove the email from the queue.
> > >
> > > Here is the kicker. I check where these are coming from, they
> > > are from all over the place. I check for IP address spoofing...
> > > not happening. No IP options or TCP options.
> > >
> > > This came from like about 300 different networks, and yes
> > > I don't accept source routing (IP Options).
> > >
> > >
> > > Anyways, it happened to my machine, I stopped accepting mail
> > > to that domain from qmail-smtpd, so I'm back to normal.
> > > If anyone want's a tcpdump of the connection attempts
> > > or the emails. Let me know.
> > >
> > >
> > > Dru Nelson
> > > San Carlos, California
> > >
> > >
> > >
> > >
> >
>
> --
> GTER list    http://eng.registro.br/mailman/listinfo/gter
>
>

More information about the gter mailing list