Recently, my SmarterMail Server underwent a DoS attack. I was puzzled at the
server center's initial response indicating possible power issues.

 

My first thought is always that hardware failed. In this instance, such was
not the case.

 

I was told my IP was being attacked and NULL Route was applied. A NULL Route
essentially sends traffic to nowhere.

 

Response from CO_LO Host. "I apologize if I was not clear in my previous
response. We needed to block incoming DNS to the server as it appears to be
the majority of attack traffic. Outbound DNS should still continue to
function at this time."

 

While I was given to believe the attack was IP based, the reference that
later came through was DNS related. I used OpenDNS on the server and felt
if anyone could / would handle DNS, they would be a good choice.

 

When I first learned of the DNS attack, I suggested using a different DNS.
The center chose to continue with the NULL Route believing it would be the
best choice at the time. 

 

The eventual result was placing a GOOGLE DNS as the primary DNS and the
server came back online.

 

I am attempting to gain additional information that will help determine what
configurations should be put in place to help prevent this in the future. The
Google Primary is still in place.

 

Thanks to Mailsbestfriend, email was successfully bucketed for later
delivery.

 

Fortunately, the attack came at the end of a work day so impact on business
customers was minimal.

 

I would entertain thoughts as to how to prepare in order to manage such
events in the future.

 

Martin
