Date: Sat, 08 Sep 2001 09:09:42 -0500
From: Len Conrad <LConrad@Go2France.com>
To: Freebsd-net@freebsd.org
Subject: tracing an attack using spoofed ip's
Message-ID: <5.1.0.14.0.20010908090440.06337828@mail.Go2France.com>

A client has been receiving an attack on this mail gateway's port 25 for 3 weeks. We increased the postfix SMTPD processes from 50 to 150, and the hourly msg rejects jumped from 5000 to 15000, roughly. The source addresses used by the attacker(s) are mostly in the various RBL bases, 100's of them.

The pb is that the attack is consuming so many SMTPD processes that valid incoming mail is taking several hours to arrive, as the sender MTA can't get an answer when it connects to port 25. The definition of DoS.

Is there any way to trace the real source of the spoofed packets?

Len

http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message