[Dshield] Heavy spamming vs DoS?

DigitalNation dshield at digitalnation.ca
Fri Feb 10 17:25:39 GMT 2006


Jean,

We are seeing the same thing. I have mentioned this earlier in this forum. 

It seems they are trying to confuse antispam or IDS by hammering the SMTP
with connections. Most of the multiple connections like this we see are RBL
and are rejected. 

As systems get faster and networks get broader, I am sure the spammer will
try hard to take advantage of it.

------------------
M. McBride
Security Admin
DigitalNation
Vancouver, Canada
 


-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Jean-Pierre Schwickerath
Sent: Friday, February 10, 2006 2:22 AM
To: list at lists.dshield.org
Subject: Re: [Dshield] Heavy spamming vs DoS?




> 
> Before the new year most everything was below 100 attempts, now I'm
> regularly seeing attempts that run for an hour and generating 
> 100's of connection attempts. Is anyone else seeing a change in 
> spammer tactics like this or am I just lucky? ;)

I can't confirm this from here. The number of spam messages keeps constant -
even over week ends and holidays. It's just the amount of successfully
delivered mail that varies. 


Regards, 
Jean-Pierre

-- 
HILOTEC Engineering + Consulting GmbH
Energietechnik und Datensysteme
Tel: +41 34 402 74 00 - http://www.hilotec.com/
_________________________________________
Learn about Intrusion Detection in Depth from the comfort of your own couch:
https://www.sans.org/athome/details.php?id=1341&d=1

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list





More information about the list mailing list