[unisog] Super-hidden spamming exploits?
mcysys at rit.edu
Mon Oct 6 18:29:08 GMT 2003
We saw this at RIT last weekend (9/27). 600,000 messages were injected
into our mail system in a few hours time. It took a day to clean it out
of the queues, but mail kept flowing (slowly at times)...
We've taken a sample of the messages and developed a filter to keep them
from clogging our queues. We've captured quite a few more since.
We've discussed requiring all residential subnets to use authenticated
SMTP to send mail through the gateway to slow down viruses and Trojans
from getting mail out, but with their sophistication lately, I doubt
that will stop it all. The idea of blocking all SMTP traffic except
through the gateway is kicking around as well, but that could be asking
From: Thomas DuVally [mailto:tduvally at brown.edu]
Sent: Monday, October 06, 2003 1:45 PM
To: Mike Iglesias
Subject: Re: [unisog] Super-hidden spamming exploits?
On Mon, 2003-10-06 at 11:39, Mike Iglesias wrote:
> > Has anyone seen something similar where they are using your internal
> > mail-relays? We are seeing spammers trying to leverage our
> > This of course has the effect of a DoS as we manually clear the
> > queues just to get things going again.
> Yes, we've had that happen a few times in the last week. The last
> it filled up one of our relays with about 160,000 spam messages.
Exactly! Is this new or are the spammers just getting around to us? We
first saw this early last week. If this is a new trend, how are other
people handling this. We are implementing a few ideas, but we can't
think of anything approaching a REAL solution, other than shutting off
SMTP, which isn't really an option, is it?
> Mike Iglesias Email:
iglesias at draco.acs.uci.edu
> University of California, Irvine phone: 949-824-6926
> Network & Academic Computing Services FAX: 949-824-2069
Lead Sys. Prog.
CIS, Brown Univ.
More information about the unisog