On Mon, 1 May 2000 13:28:53 -0500, "Dennis Duval" writes:
> It appears that the sending IP (207.190.23.59) is bogus. I
> get no information on a reverse lookup.

... which really doesn't mean it's bogus, just not properly
configured.

> I don't see any way to stop this type of attack other than to be able to
> deny a connection from any IP address that does not have a valid MX record,
> or at least a valid reverse lookup. But I have not figured out how to do
> that.

This won't stop "this kind of attack" because there
is nothing in the nature of this attack that requires
a non-reversed IP. If you're worried about stopping
"this attacker," then use tcprules[1] to block connections
from the attacker's IP (or IP block). I would only do
this after trying their abuse contacts.

Anyway, denying connections from non-reversed IPs
would require putting a shell-script wrapper around
the daemon which checks if TCPREMOTEHOST is set[1].
However, you may have reservations about doing this
on a high-volume server.

--
Chris Mikkelson | "I have yet to see any problem, however complicated,
[EMAIL PROTECTED] | which, when you looked at it the right way, did not
| become still more complicated." -- Poul Anderson
[1] Assuming, of course, you use tcpserver.
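
Added example, not part of the original message or of any project's own code: a sketch of the kind of wrapper the reply describes, refusing a connection when tcpserver did not set TCPREMOTEHOST. The script name `require-rdns`, the `NOREVERSEOK` exemption variable, the 421 reply text and the paths in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Wrapper started by tcpserver in place of the SMTP daemon, e.g.
# (placeholder paths):
#   tcpserver -x /path/to/tcp.smtp.cdb 0 smtp /path/to/require-rdns /path/to/smtp-daemon
# tcpserver exports TCPREMOTEIP for every connection and TCPREMOTEHOST
# only when the reverse lookup returned a name.

# Return 0 if the connection may reach the daemon, 1 if it is refused.
rdns_ok() {
    # NOREVERSEOK is a hypothetical exemption variable; a tcprules line
    # such as  10.:allow,NOREVERSEOK=""  would set it for trusted networks.
    if [ "${NOREVERSEOK+set}" = set ]; then
        return 0
    fi
    [ -n "${TCPREMOTEHOST:-}" ]
}

# SMTP reply sent instead of a greeting. 421 is a temporary failure, so a
# legitimate sender hit by a DNS timeout queues the mail and retries.
reject_banner() {
    printf '421 no reverse DNS for %s, closing connection\r\n' \
        "${TCPREMOTEIP:-unknown}"
}

main() {
    if rdns_ok; then
        exec "$@"            # hand the socket to the real daemon
    fi
    reject_banner
    # stderr goes wherever tcpserver's own stderr is being logged
    echo "require-rdns: refused ${TCPREMOTEIP:-unknown}" >&2
    exit 0
}

# Only act when given a daemon command line to run.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

The extra shell process per connection is the cost behind the reservation about high-volume servers, and the check does nothing if tcpserver runs with `-H`, which disables the reverse lookup entirely.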