Hello Robert, Is there a legal investigation aiming to track the attackers down, and can we expect publishing of the investigation results?
Is Cablecom the only target, or other ISPs experienced the same attacks? Thanks for your cooperation, Stanislav --- Robert Meyer <[EMAIL PROTECTED]> wrote: > Starting on Monday 19th, we had a huge amount of traffic > due to dictionary attacks. We were fighting with ten to > fifteen Million requests for mail addresses, composed of > common German first- and second names. A connect started > as an ordinary smtp-Session, was sending five to ten rcpt to: > sequences, collectingthe responses and did not terminate > the Session cleanly. > As our Mailsystem was close to break down, we decided to > take strong measures against these attacks. First we started > with refusing mails from Servers without a reverse entry > in the DNS. Although this helped quite a lot, we were still > totally overloaded. > In this situation, we had to start blocking IP-Ranges to > guarantee the mailservice. We tried to block only dynamically > assigned IP addresses, to minimize the impact on other users. > Unfortunately, this was not always possible to achieve in the > speed of blocking IP Ranges required to keep our systems > alive. ---------------------------------------------- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
