[unisog] Super-hidden spamming exploits?

Michael Young mcysys at rit.edu
Mon Oct 6 18:29:08 GMT 2003


We saw this at RIT last weekend (9/27).  600,000 messages were injected
into our mail system in a few hours' time.  It took a day to clean it out
of the queues, but mail kept flowing (slowly at times)...

We've taken a sample of the messages and developed a filter to keep them
from clogging our queues.  We've captured quite a few more since.

We've discussed requiring all residential subnets to use authenticated
SMTP to send mail through the gateway to slow down viruses and Trojans
from getting mail out, but with their sophistication lately, I doubt
that will stop it all.  The idea of blocking all SMTP traffic except
through the gateway is kicking around as well, but that could be asking
for trouble.

Michael Young
RIT

-----Original Message-----
From: Thomas DuVally [mailto:tduvally at brown.edu] 
Sent: Monday, October 06, 2003 1:45 PM
To: Mike Iglesias
Cc: UNISOG
Subject: Re: [unisog] Super-hidden spamming exploits?

On Mon, 2003-10-06 at 11:39, Mike Iglesias wrote:
> > Has anyone seen something similar where they are using your internal
> > mail-relays? We are seeing spammers trying to leverage our mail-servers.
> > This of course has the effect of a DoS as we manually clear the affected
> > queues just to get things going again.
> 
> Yes, we've had that happen a few times in the last week.  The last time
> it filled up one of our relays with about 160,000 spam messages.
> 

Exactly! Is this new or are the spammers just getting around to us? We
first saw this early last week. If this is a new trend, how are other
people handling this? We are implementing a few ideas, but we can't
think of anything approaching a REAL solution, other than shutting off
SMTP, which isn't really an option, is it?

> 
> Mike Iglesias                          Email: iglesias at draco.acs.uci.edu
> University of California, Irvine       phone:       949-824-6926
> Network & Academic Computing Services  FAX:         949-824-2069
-- 
Thomas DuVally
Lead Sys. Prog.
CIS, Brown Univ.
401.863.9466

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x15F233F6


