Re: [Full-Disclosure] Block notification / bounce mails (as in DDOS)

From: Koen (koen4securityhotmail.com)
Date: Thu Apr 01 2004 - 13:46:26 CST


Tomasz Konefal wrote:
> first off, the From: header would not normally be the one emails get
> bounced to. rather, it would be the "MAIL FROM" envelope header. in
> any case, my 'solution' would be to temporarily drop all mail destined
> to this deluged account to /dev/null and set up a new account for the
> busted user. you could alternatively set up a "user relocated" reply on
> the server or just kill the account altogether and send responses of "no
> such local user". you get the general idea. not a great solution, but
> only one person's email is crapped out instead of everyone's. when the
> DDoS looks like it's petering away you can set up an alias from the old
> to the new account to reenable legitimate mails to get to the user.

Hi,
A "user relocated" reply would only increase the problem. The problem isn't
limited to one mailbox or user-account but rather to "all" mailboxes.
Thanks anyway.
