[SURBL-Discuss] DoS Question

Raymond Dijkxhoorn raymond at prolocation.net
Sat Jan 1 17:19:46 CET 2005


Hi!

> Anyone else seeing massive sendmail connections seemingly for the sole
> purpose of a denial of service?  This is less than one minute or two after a
> sendmail restart and we've been seeing this issue since app 6AM today.

> [210.20.54.62] startup
> 16034 ?        S      0:00 sendmail: server [4.27.171.43] startup
> 16035 ?        S      0:00 sendmail: server 13Cust29.VR2.NYC4.broadband.uu.net [63.13.166.29] startup
> 16038 ?        S      0:00 sendmail: server localhost.localdomain [127.0.0.1] startup
> 16040 ?        S      0:00 sendmail: server pD9E2C8C3.dip.t-dialin.net [217.226.200.195] startup
> 16041 ?        S      0:00 sendmail: server [222.185.250.34] startup
> 16042 ?        S      0:00 sendmail: server host013.acernautic.com [216.108.233.13] startup
> 16043 ?        S      0:00 sendmail: server [61.172.244.215] startup

This isn't something to discuss on the SURBL list, but it looks like you 
have a dictionary attack going on.

You could contact me offlist if you wanna send in more details.

I would suggest blocking with DSBL or something similar at the MTA level, 
since a lot of those seem to be open proxies on dialup systems.

Bye,
Raymond.

