[Dshield] Mail bombing by MyDoom, bouncing of infected emails, and a few other random thoughts
doug at clickdoug.com
Sun Feb 1 17:34:57 GMT 2004
: On Jan 29, 2004, at 8:53 AM, Jon R. Kibler wrote:
: > Greetings:
: > Wow! MyDoom has created a real mess...
: >
: > Anyway, two real reasons for writing about MyDoom mail bombing:
: > 1) Question: Has anyone else seen similar behavior -- meaning large
: > connection bursts?
: > 2) Pass on some advice on how you can protect yourself from such
: > high connection rates.
For the past week I have had a similar problem, and noticed that 95% of them
show about 20 source IP numbers. I have temporarily added these to my Access
file 18.104.22.168 REJECT and the mail server is dropping the connection from the
offending IP numbers. The immediate result I noticed was a real reduction in
CPU load on the server and legitimate mail is being delivered in a more timely

I don't know why the SANS meter is still showing condition green, when most
people I have talked to are experiencing server load factors well into the red
Stop spam on your domain, Anti-spam solutions
For hosting solutions http://www.clickdoug.com
Aspire to Inspire before you Retire or Expire!
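
The triage described in the message above (find the few sources behind most inbound connections, then REJECT them in the access file), as an added example that is not part of the original post. The log lines are constructed in the shape of sendmail "from=" entries using documentation-range addresses, and the function names and the min_conns threshold are assumptions.

```python
import re
from collections import Counter

RELAY_IP = re.compile(r"relay=[^,]*\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def _inbound(ip, n):
    # Constructed line in the shape of a sendmail "from=" log entry.
    return (f"Feb  1 17:{n:02d}:00 mx sendmail[{2100 + n}]: i11H{n:04d}: "
            f"from=<user@example.net>, size=31744, nrcpts=1, relay=[{ip}]")

# Constructed sample: two noisy sources, one ordinary sender, one outbound line.
SAMPLE_LOG = (
    [_inbound("192.0.2.10", n) for n in range(12)]
    + [_inbound("198.51.100.7", n) for n in range(12, 19)]
    + [_inbound("203.0.113.5", 19)]
    + ["Feb  1 17:20:00 mx sendmail[2200]: i11H9999: to=<x@example.org>, "
       "relay=mail.example.org. [203.0.113.99], stat=Sent"]
)

def count_sources(lines):
    """Count inbound connections per source IP; outbound 'to=' lines are skipped."""
    counts = Counter()
    for line in lines:
        if " from=" not in line:
            continue
        m = RELAY_IP.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def heavy_hitters(counts, min_conns):
    """Return (IPs with at least min_conns connections, share of traffic they cover)."""
    ips = [ip for ip, c in counts.most_common() if c >= min_conns]
    total = sum(counts.values())
    share = sum(counts[ip] for ip in ips) / total if total else 0.0
    return ips, share

def access_entries(ips):
    """Format entries as 'address<TAB>REJECT' for the access file."""
    return [f"{ip}\tREJECT" for ip in ips]

if __name__ == "__main__":
    counts = count_sources(SAMPLE_LOG)
    ips, share = heavy_hitters(counts, min_conns=5)
    print(f"{len(ips)} sources cover {share:.0%} of inbound connections")
    print("\n".join(access_entries(ips)))
```

Review the generated entries before appending them to the access file, since a busy legitimate relay can also exceed a connection threshold.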