POP3 DoS attacks and mailanyone.net?
up at 3.am
Tue Sep 1 19:28:35 UTC 2009
For the first time since I can remember, my POP3 server was effectively
shut down by too many simultaneous connections today. The first fix I
tried was to raise the number of connections from the default 40 to 100,
but the problem soon returned.
I finally ipfw'd off the offending IP (98.190.204.2 for anyone
interested), then went to look for other possible offenders in the log. I
noticed several thousand connections today to a few dozen former users
from 4 IPs from 208.70.128.0/21. One of the users was actually
legitimate.
These IPs belong to mailanyone.net. The tech contact in their ARIN record
is listed as:
OrgTechHandle: BHE57-ARIN
OrgTechName: Heitman, Bryan
OrgTechPhone: +1-816-587-4700
OrgTechEmail: hostmaster at mailanyone.net
However, that phone number goes to a UPS store that has no idea what I'm
talking about. I then dialed their supposed NOC number:
Comment: FuseMail, LLC Network Operations Center contact
Comment: 877.888.3873 x3
I am on hold with that number right now with some very loud and annoying
music.
Can anyone offer any insight as to these people and how/who to deal with
there?
Would a provider be amiss to just block their entire /21?
TIA,
James Smallacombe PlantageNet, Inc. CEO and Janitor
up at 3.am http://3.am
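
An added example, not part of the original post: one way to run the log review described above, grouping POP3 connections by covering prefix so a single noisy IP can be told apart from several IPs in one /21, and listing which active accounts a prefix-wide block would cut off. The log line shape, the sample lines, the user names and the `summarize` helper are all constructed assumptions; the addresses are documentation ranges.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed log shape: "... connect from <ipv4> user=<name>"; adapt to the real daemon.
LINE_RE = re.compile(r"connect from (\d+\.\d+\.\d+\.\d+) user=(\S+)")

# Constructed sample log lines (documentation address ranges, made-up users).
SAMPLE_LOG = """\
Sep  1 14:02:11 mail pop3d: connect from 192.0.2.10 user=alice
Sep  1 14:02:12 mail pop3d: connect from 203.0.113.2 user=bob
Sep  1 14:02:12 mail pop3d: connect from 203.0.113.2 user=bob
Sep  1 14:02:13 mail pop3d: connect from 203.0.113.2 user=bob
Sep  1 14:02:13 mail pop3d: connect from 203.0.113.2 user=bob
Sep  1 14:03:01 mail pop3d: connect from 198.51.100.5 user=olduser1
Sep  1 14:03:02 mail pop3d: connect from 198.51.100.6 user=olduser2
Sep  1 14:03:03 mail pop3d: connect from 198.51.100.7 user=carol
Sep  1 14:03:04 mail pop3d: connect from 198.51.100.8 user=olduser1
"""
ACTIVE_USERS = {"alice", "bob", "carol"}  # constructed list of current accounts


def summarize(lines, active_users, prefix_len=21, threshold=3):
    """Group connections by covering prefix; return prefixes with >= threshold hits."""
    stats = defaultdict(
        lambda: {"conns": 0, "ips": set(), "active": set(), "former": set()}
    )
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a connection line in the assumed format
        ip, user = m.groups()
        # strict=False masks the host bits, giving the covering /prefix_len network.
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        s = stats[str(net)]
        s["conns"] += 1
        s["ips"].add(ip)
        # Separate logins for current accounts from logins for removed ones.
        (s["active"] if user in active_users else s["former"]).add(user)
    return {net: s for net, s in stats.items() if s["conns"] >= threshold}


if __name__ == "__main__":
    for net, s in summarize(SAMPLE_LOG.splitlines(), ACTIVE_USERS).items():
        print(f"{net}: {s['conns']} conns from {len(s['ips'])} IPs; "
              f"former users={sorted(s['former'])}; "
              f"active users affected by a block={sorted(s['active'])}")
```

A prefix showing one source IP is a candidate for a host block, while a prefix with several source IPs and a non-empty active set is the case where blocking the whole range would also cut off a legitimate user.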