North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Weird distributed spam attack
- From: dru-nanog
- Date: Tue Nov 19 21:45:43 2002
Unless, I missed the posts about this,.. I just
(and still am experiencing) a distributed spam
I have a small machine at a colo. Today I check my
inbox and there are 2000+ extra messages to
a domain I have 'zbot.net'. The messages are doing
4 letter combinations for the recipient. (abde, abdf, etc.)
The from's are all firstname.lastname@example.org
I check my qmail queue -> its at 13405 messages.
I shut down mail and remove the email from the queue.
Here is the kicker. I check where these are coming from, they
are from all over the place. I check for IP address spoofing...
not happening. No IP options or TCP options.
This came from like about 300 different networks, and yes
I don't accept source routing (IP Options).
Anyways, it happened to my machine, I stopped accepting mail
to that domain from qmail-smtpd, so I'm back to normal.
If anyone want's a tcpdump of the connection attempts
or the emails. Let me know.
San Carlos, California