DDoS Question

Raymond L. Corbin rcorbin at hostmysite.com
Fri Sep 28 00:11:20 UTC 2007

Did you check the source IP in the headers? My logs show that they are
coming from a buncha residential IP addresses so its prolly a bot
network doing it. Most of the messages going through our servers with
that have the domain lifeleaksfromyo.com in it which is causing the
messages to fail in our servers. You can always try the rbl that lists a
lot of residential IP's in it...i think it's the PBL from spamhaus. That
would help limit it, and blocking emails with the domain
lifeleaksfromyo.com.... Other then that I'm out of ideas. What spam
appliance are you using?

Raymond Corbin


-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
Martin Hannigan
Sent: Thursday, September 27, 2007 7:32 PM
To: nanog at merit.edu
Subject: DDoS Question


I'm receiving about 25K spams per minute with this subject:

                Subject: "Looking for Sex Tonight? Curtis Blackman"

They randomize the name on the subject line. Is this any particular
virus/malware/zombie signature and any suggestion on how to defend
against it besides what I'm already doing (which is all of the
obvious, rbls, spam appliances, hot cocoa, etc.)?

This happened right around the time I started securing the name server
infrastructure with BIND upgrades and recursor/authoritative NS
splitting. :-)



More information about the NANOG mailing list