The issue here is that a new zombie spam brute-force spam attack
(a.k.a. dictionary attack) started a little over two weeks ago. This
attack is so widespread and so voracious that I have seen connection
traffic to my own service double in this space of time, and this is
also very likely to be the cause of Yahoo's own issues.

A large component of this new pattern is not just being attacked
directly, it is also getting backscatter generated by others' servers
going to forged addresses. Just about one out of every 10 connections
to our system is a bounce message that another server sent to a
non-existent address on a domain that I handle E-mail for.

You must not allow catch-all addresses (nobody) under these sorts of
conditions. You must also not ever allow a configuration where E-mail
is accepted before the address is validated, and then validated at a
later point only to cause a bounce that your server generates and is
sent to a forged address. This is most typically found where gateways
are used. FrontBridge for instance is bouncing over 30,000 pieces of
backscatter to my service from 217.117.146.230, and I am not alone.

Matt

Mike Post wrote:
