EHLO, > Is Cablecom the only target, or other ISPs experienced the > same attacks?
We're experiencing such large attacks every few weeks and there's not much you can do against it. The attackers use open proxies and infected home pc's to connect to the MTAs, each connections only scans for a few RCPT's (10-20). Sometimes we see >900 simultaneous connections on each MTA from such hosts. One of the largest attacks we experienced was in December last year, it lasted about 5 days. Our MTAs are constantly scanned for valid recipients, but usually only from 50-80 simultaneous connections per MTA (we're not considering this an 'attack' [anymore]). Although we've set a delay of 40 seconds after an invalid "RCPT TO:" the attackers won't give up. Just to give a little statistic: During the last minute (16:12:00 to 16:12:59) we've seen a total 522 invalid RCPT's from >80 different hosts on our MTAs. Sucks to be an MTA these days.... :( cheers, Fabian Uebersax System Engineer Tiscali AG ---------------------------------------------- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
