[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Spamming virus
Matti, you are back? How was your marine trip?
As you are back, I'll be sending my patch to make
max-same-ip-connections controllable from policy today.
On Thu, 2003-08-07 at 18:00, Matti Aarnio wrote:
> > did anyone notice a new spamming technology that appeared about a week
> > ago, when you suddenly get the same spam message from hundreds different
> > machines around the world, apparently infected home PCs on cable, DSL
> > and dialup connections? Any information / known protection?
>
> Same one from hundreds of different systems ?
> That is odd.. Denial-of-service type behaviour, I would say.
Apparently they build a similar underground network, this time for
spamming. Like previous DoS things, this one is centrally controlled -
all machines start sending the same message at the same time.
> Having connection quotas (number of connections) limited by network-
> classes might help -- from our customers: N, from elsewere: M
Nope. Involved machines are sparsely distributed around the world.
> There is no code at present to make that happen. Moving smtp connection
> policy initialization and address testing into the accept() server program
> could give you this classification capability. When the classifier then
> notes that there are way too many connections from a given class of
> network(s) (like outside our own clients), present-like limitter algorithms
> can kick the excessive connection(s) away.
>
> > It nearly killed our system before I made a quick and dirty hack to
> > block those...
> >
> > Eugene
--
Eugene Crosser, head of Internet Applications section, +7 501 787 1000
ROL, EDN Sovintel, Golden Telecom, http://user.rol.ru/~crosser/
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi