RES: RE: RES: NDR attack
- From: "Tiago de Aviz" <Tiago@xxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 9 Aug 2004 12:30:39 -0300
No, No.. he did have protection. But the NDR's came in such a massive quantity
that his DSL couldn't manage so many NDR's coming, even though his server was
blocking them all and throwing them at the badmail folder. His disk space
reached zero in an hour or so.
Impressive!
Tiago de Aviz
SoftSell
(41) 340-2363
www.softsell.com.br <http://www.softsell.com.br/>
Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é
restrito ao destinatário da mensagem. Caso você tenha recebido esta mensagem
por engano, queira por favor retorná-la ao destinatário e apagá-la de seus
arquivos. Qualquer uso não autorizado, replicação ou disseminação desta
mensagem ou parte dela é expressamente proibido. A SoftSell não é responsável
pelo conteúdo ou a veracidade desta informação.
_____
De: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Enviada em: sábado, 7 de agosto de 2004 17:15
Para: [ISAserver.org Discussion List]
Assunto: [isalist] RE: RES: NDR attack
http://www.ISAserver.org
Abandon his Domain name? What, he did not expect stuff like this? Did not do
his homework on operating an e-mail server on the Internet/
What, he thinks his new domain name will be exempt from these attacks?
Sounds like he needs some configuration changes and gateway software to protect
against that.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-----Original Message-----
From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx]
Sent: Saturday, August 07, 2004 11:51 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RES: NDR attack
http://www.ISAserver.org
I had a customer that had a SBS server with a fixed IP DSL modem. One day, some
dude started to make Directory Harvest Attacks against some small companies
(Nissan, Renault...), and set his e-mail as the reply-to address.
Needlessly to say, he had to abandon his DNS name. The NDR's came in such
monstrous quantities that they made itself a DoS attack ;)
Tiago de Aviz
SoftSell
(41) 340-2363
www.softsell.com.br <http://www.softsell.com.br/>
Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é
restrito ao destinatário da mensagem. Caso você tenha recebido esta mensagem
por engano, queira por favor retorná-la ao destinatário e apagá-la de seus
arquivos. Qualquer uso não autorizado, replicação ou disseminação desta
mensagem ou parte dela é expressamente proibido. A SoftSell não é responsável
pelo conteúdo ou a veracidade desta informação.
_____
De: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Enviada em: sexta-feira, 6 de agosto de 2004 15:39
Para: [ISAserver.org Discussion List]
Assunto: [isalist] NDR attack
http://www.ISAserver.org
Hey guys,
I was looking at my firewall logs yesterday and noticed a big increase in my
Firewall service logs. Started running it down and the logs shows a ton of DNS
and SMTP traffic coming from my outbound relay. We'll wouldn't you know it, it
wasnt' even the ISA firewall's fault :-)
You might want to this out and disable sending NDRs. Fixed the problem for me.
MAPILab.Com - Articles: http://www.mapilab.com/articles/ndr_spam_attack.htm
HTH,
Toml
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tiago@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
johnlist@xxxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tiago@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Other related posts:
