[117094] in North American Network Operators' Group


RE: POP3 DoS attacks and mailanyone.net?

daemon@ATHENA.MIT.EDU (Winn Johnston)
Tue Sep 1 15:59:11 2009

From: Winn Johnston <WJohnston@induscorp.com>
To: "up@3.am" <up@3.am>, "nanog@nanog.org" <nanog@nanog.org>
Date: Tue, 1 Sep 2009 15:58:42 -0400
In-Reply-To: <alpine.BSF.2.00.0909011520050.59244@richard2.pil.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Issues with gmail.com

here in DC

Winn Johnston
________________________________________
From: up@3.am [up@3.am]
Sent: Tuesday, September 01, 2009 3:28 PM
To: nanog@nanog.org
Subject: POP3 DoS attacks and mailanyone.net?

For the first time since I can remember, my POP3 server was effectively
shut down by too many simultaneous connections today.  The first fix I
tried was to raise the number of connections from the default 40 to 100,
but the problem soon returned.

I finally ipfw'd off the offending IP (98.190.204.2 for anyone
interested), then went to look for other possible offenders in the log.  I
noticed several thousand connections today to a few dozen former users
from 4 IPs from 208.70.128.0/21.  One of the users was actually
legitimate.

These IPs belong to mailanyone.net.  The tech contact in their ARIN record
is listed as:

OrgTechHandle: BHE57-ARIN
OrgTechName:   Heitman, Bryan
OrgTechPhone:  +1-816-587-4700
OrgTechEmail:  hostmaster@mailanyone.net

However, that phone number goes to a UPS store that has no idea what I'm
talking about.  I then dialed their supposed NOC number:

Comment:    FuseMail, LLC Network Operations Center contact
Comment:    877.888.3873 x3

I am on hold with that number right now with some very loud and annoying
music.

Can anyone offer any insight as to these people and how/who to deal with
there?

Would a provider be amiss to just block their entire /21?

TIA,

James Smallacombe                     PlantageNet, Inc. CEO and Janitor
up@3.am                                                     http://3.am
=========================================================================

