DDoS Question

• From: Martin Hannigan
• Date: Thu Sep 27 19:44:33 2007

• Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=Gn+XygqQYz1kf//eJYAP/tyQ2trlA+hNOL5EEj69+1k=; b=N+7e3MGYOvc61XnwoxmUpLLTHoJw+9G8j6a9pllnJAVOTdbg9b8NAIcbl7vu7mw5eUkTg9IQklxJwYo6Zy+q8BsfQqmLXJrjXrTqfK9mM7FQWCivPQWTnMHHxKO1o1sTAlTVviHYNtb3Vb3bY7dFCkQZMYyUmxvwG/8Mb3rDBbM=
• Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=CMocqSYn84U0pidkCjRHCaYE3e3E7QfQwRdYrsKEzVxomP3lt+MYK/a2ry6j0/Akb9F+qAD7cnSjl4m+qsOB7Vhkt2t0Tnv+qXYP1JX2ikOTW6Ody7S6nqfSLs4pEGQhZCb4jp2+64lk7BZSWwyNdQn96DUlQv+poLqkRO3FlsM=

Folks,

I'm receiving about 25K spams per minute with this subject:

                Subject: "Looking for Sex Tonight? Curtis Blackman"

They randomize the name on the subject line. Is this any particular
virus/malware/zombie signature and any suggestion on how to defend
against it besides what I'm already doing (which is all of the
obvious, rbls, spam appliances, hot cocoa, etc.)?

This happened right around the time I started securing the name server
infrastructure with BIND upgrades and recursor/authoritative NS
splitting. :-)

Best,

Marty

• Follow-Ups:
  • Re: DDoS Question Sean Donelan
  • RE: DDoS Question Raymond L. Corbin
  • Re: DDoS Question Ken Simpson

• Prev by Date: Re: WG Action: Conclusion of IP Version 6 (ipv6)
• Next by Date: Re: WG Action: Conclusion of IP Version 6 (ipv6)
• Date Index
• Thread Index
• Author Index
• Historical