[ale] Being used in a DOS attack against others

Michael Hirsch mhirsch at nubridges.com
Thu Aug 8 16:29:43 EDT 2002


On Thu, 2002-08-08 at 11:31, Jim Popovitch wrote:
> Hi Michael,
> 
> Which MTA are you using?  Depending on the MTA there are usually several
> methods of eliminating or controlling this behavior.

Exchange.  What else is there?

Thank you everyone for your responses.  I don't think this attack has
caused us huge problems, but I'm not sure.  Our network has been really
flakey this week.  I'm not the guy maintaining it so I don't have all
the facts.  I'm trying to find out, but they're pretty busy today
dealing with all the issues.

Thanks,

Michael

> 
> -Jim P.
> 
> > -----Original Message-----
> > From: Michael Hirsch [mailto:mhirsch at nubridges.com]
> > Sent: Thursday, August 08, 2002 9:48 AM
> > To: ALE
> > Subject: [ale] Being used in a DOS attack against others
> >
> >
> > Someone has been using our mail server to amplify a DOS attack against
> > some other mail servers.  It works like this.  Then send a mail to
> > randomuser at nubridges.com with a return address of attackedcompany.com.
> > Since random user does not exist we send a reply that the user does not
> > exit to attackedcompany's mail server.  So we flood their mail server.
> >
> > I've never seen this attack before, though it seems quite simiple.  Is
> > this a well know DOS attack?  Has anyone else been experiencing this?
> >
> > It seems to have stopped this morning, but it was ongoing for the last
> > two days.
> >
> > --Michael
> >
> >
> > ---
> > This message has been sent through the ALE general discussion list.
> > See http://www.ale.org/mailing-lists.shtml for more info.
> > Problems should be
> > sent to listmaster at ale dot org.
> >
> 



---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.






More information about the Ale mailing list