[27457] in North American Network Operators' Group


Re: SMTP in distributed DOS

daemon@ATHENA.MIT.EDU (I Am Not An Isp)
Sun Feb 20 15:28:11 2000

Message-Id: <4.2.2.20000220115752.02d825b0@mail.ianai.net>
Date: Sun, 20 Feb 2000 11:59:42 -0800
To: nanog@merit.edu
From: I Am Not An Isp <patrick@ianai.net>
In-Reply-To: <20000220110421.A16950@noc.power.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Errors-To: owner-nanog-outgoing@merit.edu


At 11:04 AM 2/20/00 -0800, Dirk Harms-Merbitz wrote:

 >We are currently seeing this first hand: Our real mail.power.net is
 >at 207.151.19.8. The attacker is sending individualized emails with
 >faked headers that contain "mail.power.net (unverified [209.26.14.22])".
 >
 >The recipient computers are dumb enough to send their bounces to
 >the real mail.power.net.

This is the problem - a mail server stupid enough to send a bounce to an 
unverified host name, instead of the connecting IP address.


 >This is a DOS because the innocent mail server a) gets millions of
 >bounces and b) might get black listed on various "anti-spam" lists.

What anti-spam list maintainer would add an unverified host name in a 
header?  Especially when the IP address does not match the hostname?


 >Dirk

TTFN,
patrick

--
   I Am Not An Isp - www.ianai.net
   ISPF, The Forum for ISPs by ISPs, <http://www.ispf.com>
   "Think of it as evolution in action." - Niven & Pournelle
   (Enable?  We dunt need no stinkin' enable!!)
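
The check discussed in this thread, as an added example that is not part of the original messages: parse the "name (unverified [ip])" stamp quoted above and attribute the mail to the connecting address, accepting the claimed host name only when it maps to that address. The function names and the injected resolve() callback are assumptions of this sketch; the lookup table is built from the two addresses given in the message so the example runs offline.

```python
import re
from ipaddress import ip_address

# Matches the stamp quoted in the thread: name (unverified [a.b.c.d]).
# The "unverified" tag is optional so that verified stamps parse too.
STAMP_RE = re.compile(
    r"(?P<name>[A-Za-z0-9.-]+)\s*\(\s*(?P<tag>unverified\s+)?"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\s*\)"
)

def parse_claim(fragment):
    """Return (claimed_name, connecting_ip, tagged_unverified) or None."""
    m = STAMP_RE.search(fragment)
    if m is None:
        return None
    try:
        ip = ip_address(m.group("ip"))
    except ValueError:          # bracketed text was not an address
        return None
    return m.group("name").lower().rstrip("."), ip, bool(m.group("tag"))

def classify(fragment, resolve):
    """'consistent' if the claimed name maps to the connecting IP,
    'forged' if it does not, 'unparseable' if no stamp is found.
    resolve(name) returns an iterable of address strings (assumed helper)."""
    claim = parse_claim(fragment)
    if claim is None:
        return "unparseable"
    name, ip, _tag = claim
    known = {ip_address(a) for a in resolve(name)}
    return "consistent" if ip in known else "forged"

def blame(fragment, resolve):
    """Who to hold responsible: always the connecting IP, and the host
    name only when it is consistent with that IP."""
    claim = parse_claim(fragment)
    if claim is None:
        return None
    name, ip, _tag = claim
    ok = classify(fragment, resolve) == "consistent"
    return {"ip": str(ip), "name": name if ok else None}

# Constructed lookup table using the addresses stated in the message.
KNOWN = {"mail.power.net": ["207.151.19.8"]}
def resolve(name):
    return KNOWN.get(name, [])

FORGED = 'mail.power.net (unverified [209.26.14.22])'   # from the message
GENUINE = 'mail.power.net ([207.151.19.8])'             # constructed sample

if __name__ == "__main__":
    for stamp in (FORGED, GENUINE):
        print(stamp, "->", classify(stamp, resolve), blame(stamp, resolve))
```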


