[99549] in North American Network Operators' Group
Re: DDoS Question
daemon@ATHENA.MIT.EDU (Sean Donelan)
Thu Sep 27 23:43:35 2007
Date: Thu, 27 Sep 2007 23:42:39 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: nanog@merit.edu
In-Reply-To: <2d106eb50709271631jc78bc8egc2867b2ac06fd949@mail.gmail.com>
Errors-To: owner-nanog@merit.edu
On Thu, 27 Sep 2007, Martin Hannigan wrote:
> They randomize the name on the subject line. Is this any particular
> virus/malware/zombie signature
Nothing particularly new. The Bots have been pumping this one out
for at least a month, although the subject line has a few variations
besides just changing the name. I guess they just finally got around
to you.
> and any suggestion on how to defend
> against it besides what I'm already doing (which is all of the
> obvious, rbls, spam appliances, hot cocoa, etc.)?
See all the previous mail threads about ISPs not doing anything :-)
Stop the bots on your networks; work with people to stop the bots
on other networks; work with law enforcement to put the criminals
in prison.
In the mean time, continue to spend on resources to mail servers,
security appliances, and more blacklists.
