----- Original Message ----- From: "Laura Bhandari" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, April 28, 2004 12:48 Subject: RE: [IMail Forum] Virus coming quick
> > Yesterday I started getting a dictionary attack (about once an hour) from > "[EMAIL PROTECTED]" from a variety of IP addresses (mostly SBC Internet - > isn't that Yahoo??) in addition to the rise in viruses. We've been suffering this for three weeks now. I've shared some of my woes. The worst was that our secondary mail server, running Microsoft's SMTP server, got overwhelmed, first by filling up with viruses and spam, and then, apparently, due to too many simultaneous connections (it's just an old PII we keep around). At the moment I've solved the problem by limiting connections to 100 and setting the expire times on email in the queue very low. In the long term, we're going to retire the PII and move the secondary mail server to a faster machine with a good deal more storage. I tried to set up scripts to pull the IPs of the attackers out of the logs, but the problem is that these appear to be co-ordinated attacks via zombies, so that one machine might only be used ten or fifteen times in a day. I'm not going to cut access for ten or fifteen account rejections. The only thing we're doing now is just making sure resources are alright, and hoping that the folks that own these zombified computers figure out eventually that they're vomiting virus and spam like nuts. -- A. Clausen [EMAIL PROTECTED] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
