[GTER] Fw: Weird distributed spam attack

Luiz Eduardo (Doc) doc at n3tworkZ.com
Tue Nov 26 01:37:00 -02 2002 

Que bom, eu não recebia nada... :-/

mas e aí? alguém teve esse problema?

[]s
le

doc at n3tworkZ.com
----- Original Message -----
From: "Mauro Severo Moreira" <mauro at funiber.org.br>
To: <gter at eng.registro.br>
Sent: Monday, November 25, 2002 10:04 AM
Subject: Re: [GTER] Fw: Weird distributed spam attack


> Mas ela continua viva.... acredite!
> :o)
> _____________________________________
> Mauro Severo Moreira -  admin. da rede.
> suportebrasil at funiber.org
> Fone  +55 48 237-2909
> Fundação Universitária Iberoamericana - Brasil
> http://funiber.org.br
> Av. Campeche, 1255 - Cep: 88063-300
> Florianópolis - SC - Brasil
> _____________________________________
> ----- Original Message -----
> From: "Luiz Eduardo (Doc)" <doc at n3tworkZ.com>
> To: <gter at eng.registro.br>
> Sent: Monday, November 25, 2002 3:50 PM
> Subject: [GTER] Fw: Weird distributed spam attack
>
>
> > Reenviando.
> >
> > Não tenho recebido emails da lista.
> >
> > []s
> > le
> > ----- Original Message -----
> > From: "Luiz Eduardo (Doc)" <doc at n3tworkZ.com>
> > To: <gter at eng.registro.br>
> > Sent: Friday, November 22, 2002 12:06 PM
> > Subject: Fw: Weird distributed spam attack
> >
> >
> > > Alguém aí vendo a mesma coisa?
> > >
> > > []s
> > > le
> > >
> > > ----- Original Message -----
> > > From: <dru-nanog at redwoodsoft.com>
> > > To: <nanog at merit.edu>
> > > Sent: Tuesday, November 19, 2002 6:42 PM
> > > Subject: Weird distributed spam attack
> > >
> > >
> > > >
> > > >
> > > > Unless, I missed the posts about this,.. I just
> > > > (and still am experiencing) a distributed spam
> > > > attack.
> > > >
> > > > I have a small machine at a colo. Today I check my
> > > > inbox and there are 2000+ extra messages to
> > > > a domain I have 'zbot.net'. The messages are doing
> > > > 4 letter combinations for the recipient. (abde, abdf, etc.)
> > > > The from's are all mybestplacetoshop at ainet.us
> > > > I check my qmail queue -> its at 13405 messages.
> > > > I shut down mail and remove the email from the queue.
> > > >
> > > > Here is the kicker. I check where these are coming from, they
> > > > are from all over the place. I check for IP address spoofing...
> > > > not happening. No IP options or TCP options.
> > > >
> > > > This came from like about 300 different networks, and yes
> > > > I don't accept source routing (IP Options).
> > > >
> > > >
> > > > Anyways, it happened to my machine, I stopped accepting mail
> > > > to that domain from qmail-smtpd, so I'm back to normal.
> > > > If anyone want's a tcpdump of the connection attempts
> > > > or the emails. Let me know.
> > > >
> > > >
> > > > Dru Nelson
> > > > San Carlos, California
> > > >
> > > >
> > > >
> > > >
> > >
> >
> > --
> > GTER list    http://eng.registro.br/mailman/listinfo/gter
> >
> >
>
>
> --
> GTER list    http://eng.registro.br/mailman/listinfo/gter

More information about the gter mailing list