Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: SMTP in distributed DOS

  • From: I Am Not An Isp
  • Date: Sun Feb 20 15:30:37 2000


At 11:04 AM 2/20/00 -0800, Dirk Harms-Merbitz wrote:

>We are currently seeing this first hand: Our real mail.power.net is
>at 207.151.19.8. The attacker is sending individualized emails with
>faked headers that contain "mail.power.net (unverified [209.26.14.22])".
>
>The recipient computers are dumb enough to send their bounces to
>the real mail.power.net.

This is the problem - a mail server stupid enough to send a bounce to an unverified host name, instead of the connecting IP address.


>This is a DOS because the innocent mail server a) gets millions of
>bounces and b) might get black listed on various "anti-spam" lists.

What anti-spam list maintainer would add an unverified host name in a header? Especially when the IP address does not match the hostname?


>Dirk

TTFN,
patrick

--
I Am Not An Isp - www.ianai.net
ISPF, The Forum for ISPs by ISPs, <http://www.ispf.com>
"Think of it as evolution in action." - Niven & Pournelle
(Enable? We dunt need no stinkin' enable!!)






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.