Dave,
I've noticed that on my box with only about 60 domains, there's several
distributed dictionary attacks every day. They seem to be controlled
from a central location because the order is roughly the same across
the different IP addresses they use. Mine have been spaced out and
fairly low
I've seen dictionary attacks before, but this one is impressive!
I have a customer who has eight email addresses and some aliases on his
single domain. We have an ongoing problem with a distributed dictionary
attack again this domain, and I'm talking a serious attack here - over
half a
R. Scott Perry wrote:
What surprises me is that law enforcement agencies haven't gone after
perhaps a few dozen compromised servers, run a packet sniffer, and
checked to see what IP(s) are controlling the compromised servers.
The reason is probably because these machines are generally
The interesting thing about these messages is that the ones I've seen
generally don't have multi-hop trails. They look like a zombie connecting
directly to the mail server.
The blocklists are great, but at that volume, I can't run Declude on the
messages without killing the server. So I seem to
Of Dave Doherty
Sent: Wednesday, February 04, 2004 11:04 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Distributed Dictionary Attack
The interesting thing about these messages is that the ones I've seen
generally don't have multi-hop trails. They look like a zombie
connecting directly
and block a
connection after 6 invalid users from an ip in 30 seconds
Jason
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
Sent: Wednesday, February 04, 2004 11:04 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Distributed Dictionary
That sounds like a great idea, Jason. Do you think it will stand up to this
volume?
-d
- Original Message -
From: Jason [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 05, 2004 12:09 AM
Subject: RE: [Declude.JunkMail] Distributed Dictionary Attack
Try running Black