Mail DoS

Matts on 2002-03-19T20:41:31

Had to look into a mail denial of service at work today. I was extremely surprised that a company the size of ours had never really dealt with an email DoS before. Unfortunately the guy was using open relays, and the DNS blacklists we offer to our clients didn't have the relays he was using listed. Bah. Spamcop did though, as did osirusoft and dorkslayers, so it looks like we're going to have to expand our blacklist usage somewhat.

People who start these things are really sad little idiots. It makes me wonder how Slashdot (and thus use.perl) deals with their DoS attacks, because I've rarely seen use.perl slow down much.


Bots

djberg96 on 2002-03-19T22:41:13

I remember reading an article that most of the DoS attacks are the result of bots installed on unsuspecting home users' PCs.

I also read that ZoneAlarm will pick these up (and stop them) while BlackIce Defender will not. I run the free version of ZoneAlarm at home for Windows and I have to say it works pretty good. It even prevented some nasty CTD hacks in online games that I was playing.

ORDB

ask on 2002-03-20T09:06:50

You don't use ORDB? (I could just look in my tinydns logs, but that's not fair :-) )

If not, how come?

Re:ORDB

Matts on 2002-03-20T09:52:37

I believe we do use ORDB, but this particular domain wasn't listed there.

If we don't use any particular blacklist it's because we have to pay for them, since we do 7 million emails a day - and free services wouldn't smile too kindly on that. I keep telling them to just install dnscache, but nobody listens to me - they installed bind instead. D'oh!

Re:ORDB

ask on 2002-03-21T05:16:17

A rough estimate says that ORDB gets about 70 million lookups a day, so 7 million is quite a bit.

Stats from one of 9 nameservers.