Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Weird distributed spam attack

  • From: dru-nanog
  • Date: Tue Nov 19 21:45:43 2002


Unless, I missed the posts about this,.. I just
(and still am experiencing) a distributed spam
attack.

I have a small machine at a colo. Today I check my
inbox and there are 2000+ extra messages to
a domain I have 'zbot.net'. The messages are doing
4 letter combinations for the recipient. (abde, abdf, etc.)
The from's are all mybestplacetoshop@ainet.us
I check my qmail queue -> its at 13405 messages.
I shut down mail and remove the email from the queue.

Here is the kicker. I check where these are coming from, they
are from all over the place. I check for IP address spoofing...
not happening. No IP options or TCP options.

This came from like about 300 different networks, and yes
I don't accept source routing (IP Options).


Anyways, it happened to my machine, I stopped accepting mail
to that domain from qmail-smtpd, so I'm back to normal.
If anyone want's a tcpdump of the connection attempts
or the emails. Let me know.


Dru Nelson
San Carlos, California







Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.