[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ELEOLHOJFMBPBFCJHOCIEEHGDPAA.aditya.deshmukh@online.gateway.technolabs.net>
From: aditya.deshmukh at online.gateway.technolabs.net (Aditya, ALD [Aditya Lalit Deshmukh])
Subject: Block notification / bounce mails (as in DDOS)
point the mx to 127.0.0.1 or localhost for 3 days
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Koen
> Sent: Thursday, April 01, 2004 8:29 PM
> To: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Block notification / bounce mails (as in
> DDOS)
>
>
> Niek Baakman wrote:
> >> <question>
> >> What would you do when a spammer uses your mail-address as the "From:"
> >> and the mails that are sent by the spammer get all bounced back by
> >> legitimated mail-servers to your mailhandlers? All the bounces would
> >> return to you - as you are the 'from' (assume a rate of 1.000 a
> >> minute) and this traffic would kill your network-connection. You
> >> wouldn't be able to receive any mail because your mailserver can no
> >> longer handle the load
> >> </question>
> >
> > - Apply filters on your mailserver.
> These filters will not react because my mailserver 'is' already dead.
> > - If it doesn't harm other employees: temp. change the mx record.
> How would changing my mx-records affect the outcome?
> When the first mailhandler can't handle the load, mail will be
> picked up by
> the 'backup-mailserver'..but this would in effect only cascade to
> the other
> (backup)mailservers and as a result they would eventually also
> dye. I think
> this is only a solution if I can add serveral (and I mean lots of)
> backupmailservers so that the load is spread. I think this is not
> really an
> option.
>
> Thanks for the reponse.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
Powered by blists - more mailing lists