[ale] Being used in a DOS attack against others

Ben Coleman oloryn at benshome.net
Thu Aug 8 10:41:53 EDT 2002


On 08 Aug 2002 09:48:25 -0400, Michael Hirsch wrote:

>Someone has been using our mail server to amplify a DOS attack against
>some other mail servers.  It works like this.  Then send a mail to
>randomuser at nubridges.com with a return address of attackedcompany.com. 
>Since random user does not exist we send a reply that the user does not
>exit to attackedcompany's mail server.  So we flood their mail server.
>
>I've never seen this attack before, though it seems quite simiple.  Is
>this a well know DOS attack?  Has anyone else been experiencing this? 
>
>It seems to have stopped this morning, but it was ongoing for the last
>two days.

Was there any of the spam mail addressed to valid addresses?  You may
have merely been the victim of a dictionary attack, where the spammer
uses a dictionary of common usernames along with your domain name to
generate possible email addresses, and just tries them all.  The flood
back to the other company may be unintended, or may be harassment.

Ben
-- 
Ben Coleman oloryn at benshome.net      | The attempt to legislatively
http://oloryn.home.mindspring.com/   | micromanage equality results, at
Amateur Radio NJ8J                   | best, in equal misery for all.



---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list