-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Koen
Sent: Thursday, April 01, 2004 8:29 PM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Block notification / bounce mails (as in
DDOS)
Niek Baakman wrote:
<question>
What would you do when a spammer uses your mail-address as the "From:"
and the mails that are sent by the spammer get all bounced back by
legitimated mail-servers to your mailhandlers? All the bounces would
return to you - as you are the 'from' (assume a rate of 1.000 a
minute) and this traffic would kill your network-connection. You
wouldn't be able to receive any mail because your mailserver can no
longer handle the load
</question>
- Apply filters on your mailserver.
These filters will not react because my mailserver 'is' already dead.
- If it doesn't harm other employees: temp. change the mx record.
How would changing my mx-records affect the outcome?
When the first mailhandler can't handle the load, mail will be
picked up by
the 'backup-mailserver'..but this would in effect only cascade to
the other
(backup)mailservers and as a result they would eventually also
dye. I think
this is only a solution if I can add serveral (and I mean lots of)
backupmailservers so that the load is spread. I think this is not
really an
option.
Thanks for the reponse.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Intro
