Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Block notification / bounce mails (as in DDOS)
From: "Aditya, ALD [Aditya Lalit Deshmukh]" <aditya.deshmukh () online gateway technolabs net>
Date: Thu, 1 Apr 2004 22:59:42 +0530

point the mx to 127.0.0.1 or localhost for 3 days

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Koen
Sent: Thursday, April 01, 2004 8:29 PM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Block notification / bounce mails (as in
DDOS)


Niek Baakman wrote:
<question>
What would you do when a spammer uses your mail-address as the "From:" 
and the mails that are sent by the spammer get all bounced back by 
legitimated mail-servers to your mailhandlers? All the bounces would 
return to you - as you are the 'from' (assume a rate of 1.000 a 
minute) and this traffic would kill your network-connection. You 
wouldn't be able to receive any mail because your mailserver can no 
longer handle the load
</question>

- Apply filters on your mailserver.
These filters will not react because my mailserver 'is' already dead.
- If it doesn't harm other employees: temp. change the mx record.
How would changing my mx-records affect the outcome?
When the first mailhandler can't handle the load, mail will be 
picked up by 
the 'backup-mailserver'..but this would in effect only cascade to 
the other 
(backup)mailservers and as a result they would eventually also 
dye. I think 
this is only a solution if I can add serveral (and I mean lots of) 
backupmailservers so that the load is spread. I think this is not 
really an 
option.

Thanks for the reponse.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault