|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: SMTP in distributed DOS
At 11:04 AM 2/20/00 -0800, Dirk Harms-Merbitz wrote: >We are currently seeing this first hand: Our real mail.power.net is >at 207.151.19.8. The attacker is sending individualized emails with >faked headers that contain "mail.power.net (unverified [209.26.14.22])". > >The recipient computers are dumb enough to send their bounces to >the real mail.power.net. This is the problem - a mail server stupid enough to send a bounce to an unverified host name, instead of the connecting IP address. >This is a DOS because the innocent mail server a) gets millions of >bounces and b) might get black listed on various "anti-spam" lists. What anti-spam list maintainer would add an unverified host name in a header? Especially when the IP address does not match the hostname? >Dirk TTFN, patrick -- I Am Not An Isp - www.ianai.net ISPF, The Forum for ISPs by ISPs, <http://www.ispf.com> "Think of it as evolution in action." - Niven & Pournelle (Enable? We dunt need no stinkin' enable!!)
|