[Dshield] Vast increase in spam attempts

David Cary Hart DShield at TQMcube.com
Tue Jan 3 01:03:39 GMT 2006


On Mon, 02 Jan 2006 18:15:30 -0500
"Jon R. Kibler" <Jon.Kibler at aset.com> opined:
> Greetings and Happy New Year All,
> 
> Starting about 0500 UTC this morning, we had an exponential jump in the
> number of attempts to send spam. Normally our peak total connection rate at
> that time of the day is at most 2 to 4 connections/sec. However, we started
> seeing connection request rates approaching 50+/sec at a peak with
> innumerable simultaneous open connections. It was almost to the point of
> causing a DoS attack against our mail servers. (We have since tweaked
> time-outs, etc. to reduce this possibility.)
> 
> The huge jump in load appears to be the result of dictionary attacks against
> some of our customers' email addresses. For example, just one domain has over
> a hundred different (apparently compromised) systems trying to send spam to
> bogus domain names. All 'attacking' systems seem to be a part of the same
> well coordinated dictionary attack. For example (sorry about the length, but
> it makes to problem clearer):
> 
Same here. However, correct me if I'm wrong but almost all of this is coming
from dynamic space. Wouldn't you be better off (in terms of cycles and
bandwidth) by rejecting dynamic clients before RCPT TO?

-- 
Our DNSRBL - 
           Eliminate Spam: http://www.TQMcube.com/spam_trap.php
   FSS v. AHBL SLAPP Suit: http://www.TQMcube.com/ahbl.php
          Multi-RBL Check: http://www.TQMcube.com/rblcheck.php
            Zombie Graphs: http://www.TQMcube.com/zombies.php


More information about the list mailing list