Weird distributed spam attack

• Previous message (by thread): Experts: Don't dismiss cyberattack warning
• Next message (by thread): Weird distributed spam attack
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Unless, I missed the posts about this,.. I just
(and still am experiencing) a distributed spam
attack.

I have a small machine at a colo. Today I check my
inbox and there are 2000+ extra messages to
a domain I have 'zbot.net'. The messages are doing
4 letter combinations for the recipient. (abde, abdf, etc.)
The from's are all mybestplacetoshop at ainet.us
I check my qmail queue -> its at 13405 messages.
I shut down mail and remove the email from the queue.

Here is the kicker. I check where these are coming from, they
are from all over the place. I check for IP address spoofing...
not happening. No IP options or TCP options.

This came from like about 300 different networks, and yes
I don't accept source routing (IP Options).


Anyways, it happened to my machine, I stopped accepting mail
to that domain from qmail-smtpd, so I'm back to normal.
If anyone want's a tcpdump of the connection attempts
or the emails. Let me know.


Dru Nelson
San Carlos, California

• Previous message (by thread): Experts: Don't dismiss cyberattack warning
• Next message (by thread): Weird distributed spam attack
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]