[Dshield] Mail bombing by MyDoom, bouncing of infected emails, and a few other random thoughts

David Hart DavidHart at TQMcube.com
Sun Feb 1 22:06:53 GMT 2004


On Sun, 2004-02-01 at 12:34, Doug White wrote:
> For the past week I have had a similar problem, and noticed that 95% of them
> show about 20 source IP numbers. I have temporarily added these to my Access
> file (1.2.3.4 REJECT) and the mail server is dropping the connection from the
> offending IP numbers. The immediate result I noticed was a real reduction in
> CPU load on the server, and legitimate mail is being delivered on a more timely
> basis.
> 
Why not drop them temporarily at the firewall? Correct me if I'm wrong
(since that is what we are doing) but isn't that more efficient?
                               ---------
            Quality Management - A Commitment to Excellence
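
The following is an added example, not code from either poster: it tallies inbound connecting IPs from sendmail-style log lines, picks the small set of heavy senders described in the quoted message, and renders them both as access-file `REJECT` entries and as firewall drops. The log lines are constructed, and the function names, the `min_msgs` cutoff and the use of Linux `iptables` for the firewall are assumptions.

```python
import re
from collections import Counter

# Constructed sendmail-style syslog lines (not taken from the thread).
_FROM = ("Feb  1 12:00:0{n} mx sendmail[41{n}]: i11C00a{n}: from=<u{n}@example.com>, "
         "size=31044, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay={relay}")
_TO = ("Feb  1 12:00:09 mx sendmail[419]: i11C00a9: to=<bob@example.org>, "
       "mailer=esmtp, relay=mail.example.org. [203.0.113.9], stat=Sent")
SAMPLE_LOG = "\n".join(
    [_FROM.format(n=1, relay="[192.0.2.10]")] * 6
    + [_FROM.format(n=2, relay="dsl.example.net [192.0.2.11]")] * 4
    + [_FROM.format(n=3, relay="mail.example.com [198.51.100.5]")]
    + [_TO] * 5
)

# Only "from=" lines name the connecting client; on "to=" lines the relay
# is the destination server and must not be counted as a source.
INBOUND = re.compile(r" from=<[^>]*>,.*\brelay=(?:\S+ )?\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def count_sources(log_text):
    """Count inbound messages per connecting IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = INBOUND.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def heavy_hitters(counts, coverage=0.95, min_msgs=3):
    """Top talkers, taken until they cover `coverage` of inbound mail.
    Sources below min_msgs are never listed, so one-off senders stay unblocked."""
    total, seen, picked = sum(counts.values()), 0, []
    for ip, n in counts.most_common():
        if seen >= coverage * total or n < min_msgs:
            break
        picked.append(ip)
        seen += n
    return picked

def access_entries(ips):
    """Lines in the access-file form quoted in the thread: '<ip> REJECT'."""
    return [f"{ip}\tREJECT" for ip in ips]

def firewall_rules(ips):
    """Assumption: a Linux iptables firewall; drops SMTP before sendmail sees it."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 25 -j DROP" for ip in ips]

if __name__ == "__main__":
    hitters = heavy_hitters(count_sources(SAMPLE_LOG))
    print("\n".join(access_entries(hitters) + firewall_rules(hitters)))
```

Either output is a temporary measure: the listed addresses should be reviewed and removed once the flood subsides.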