Re: being mailbombed..or something

From: Craig White (craigwhiteazapple.com)
Date: Tue Jan 01 2008 - 19:48:10 CST


On Wed, 2008-01-02 at 10:29 +0900, Matthias Schmidt wrote:
> Am/On Tue, 1 Jan 2008 17:31:29 -0500 schrieb/wrote Wietse Venema:
>
> >JD Bronson:
> >> I am looking for any advice on how to mitigate an attack.
> >>
> >> I appear to be under attack from IPs all over the world attempting
> >> to send email to one of my domains with all invalid usernames:
> >>
> >> For example:
> >> 1 Laasixcompanies.com (<>)
> >> 1 Leitnerkkiwhsixcompanies.com (<>)
> >> 1 lemerandsixcompanies.com (<>)
> >> 1 Linassixcompanies.com (<>)
> >> 1 Littleflowersixcompanies.com (<>)
> >> 1 Lounekmmhvpsixcompanies.com (<>)
> >> 1 isabelle.lundquistsixcompanies.com (<>)
> >> 1 merloptlqsixcompanies.com (<>)
> >> 1 Mikhail-Rowensixcompanies.com (<>)
> >> 1 Miu_Connollysixcompanies.com (<>)
> >> 1 Natorywasixcompanies.com (<>)
> >> (tons and tons of these)
> >
> >Backscatter. Joe-job.
>
> I don't think so.
> imho it is a bot-net spam-attack.
> There is at the moment a discussion about this on the
> spamassassin list.
> The thread is called Re: DDOS, Dictionary Attack... not sure what it is...
>
> one solution is imho to require that an ip resolves, this already drops
> more than 90% of such mails, the rest gets blocked by DNSBLs, like spamhaus.
>
> check the thread out, there are a couple of suggestions to solve the problem.
----
appears to be the very same thing and yes, when your domain has been
joe-jobbed, the backscatter can seem exactly like a denial of service
attack

requiring reverse dns is something I agree with but that doesn't stop
backscatter in this situation at all - at least, not enough.

Craig
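
Added example (not part of the original thread): a small tally over recipient-reject log lines that separates null-sender (`<>`) bounces from other rejects and shows how many of them a reverse-DNS requirement would actually stop, which is the point in dispute above. It assumes Postfix-style `smtpd` reject lines; the sample log, addresses and host names are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix smtpd reject format (RFC 5737 addresses, example.* names).
SAMPLE_LOG = """\
Jan  1 17:02:11 mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.10]: 550 5.1.1 <laas@example.com>: Recipient address rejected: User unknown in local recipient table; from=<> to=<laas@example.com> proto=ESMTP helo=<mail.example.net>
Jan  1 17:02:12 mx postfix/smtpd[412]: NOQUEUE: reject: RCPT from mx1.example.org[198.51.100.7]: 550 5.1.1 <linas@example.com>: Recipient address rejected: User unknown in local recipient table; from=<> to=<linas@example.com> proto=ESMTP helo=<mx1.example.org>
Jan  1 17:02:14 mx postfix/smtpd[413]: NOQUEUE: reject: RCPT from unknown[203.0.113.44]: 550 5.1.1 <merlo@example.com>: Recipient address rejected: User unknown in local recipient table; from=<> to=<merlo@example.com> proto=SMTP helo=<localhost>
Jan  1 17:02:15 mx postfix/smtpd[414]: NOQUEUE: reject: RCPT from out.example.net[192.0.2.55]: 550 5.1.1 <natory@example.com>: Recipient address rejected: User unknown in local recipient table; from=<> to=<natory@example.com> proto=ESMTP helo=<out.example.net>
Jan  1 17:02:19 mx postfix/smtpd[415]: NOQUEUE: reject: RCPT from unknown[203.0.113.90]: 550 5.1.1 <info@example.com>: Recipient address rejected: User unknown in local recipient table; from=<promo@example.org> to=<info@example.com> proto=SMTP helo=<pc>
"""

REJECT = re.compile(
    r"reject: RCPT from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) "
    r".*?from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def summarize(log_text):
    """Tally rejected recipients by envelope sender and client reverse-DNS status."""
    stats = Counter()
    clients = set()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue  # not an smtpd recipient reject
        stats["rejects"] += 1
        clients.add(m["ip"])
        null_sender = m["sender"] == ""   # "<>" is the envelope sender of a bounce
        no_rdns = m["host"] == "unknown"  # logged when the client name cannot be resolved or verified
        if null_sender:
            stats["null_sender"] += 1
            stats["null_sender_no_rdns" if no_rdns else "null_sender_with_rdns"] += 1
        elif no_rdns:
            stats["other_no_rdns"] += 1
    stats["distinct_clients"] = len(clients)
    return dict(stats)

def rdns_block_share(stats):
    """Fraction of null-sender rejects that a reverse-DNS requirement would have stopped."""
    total = stats.get("null_sender", 0)
    return stats.get("null_sender_no_rdns", 0) / total if total else 0.0

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(s, f"rDNS requirement would stop {rdns_block_share(s):.0%} of bounces")
```

Run against a real log, a high share of null-sender rejects arriving from hosts with working reverse DNS points to backscatter from legitimate mail servers, while rejects concentrated on `unknown` clients are the kind a reverse-DNS or DNSBL check can drop.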