Evert Smit wrote:
Here is an example header of how such a post looks. Because the mails are coming from various servers, like ibm.com, compaq, yahoo, companies all over the world, blocking IPs will not make sense.
I think we should call this a bounce attack, because that is eventually what happens... send out mails with wrong addresses to millions of computers, give a wrong address and mail header with it... what happens... it bounces and the attack heads its way to the required target.
Here now the example. He sent the mail to the Stanford mailserver and it bounces... to me.
From MAILER-DAEMON@lagu.sidhe.net Sat Nov 2 09:33:47 2002 Return-Path:
Received: from bouncemail.stanford.edu (bouncemail.Stanford.EDU [171.64.14.35])
See this:
by lagu.sidhe.net (8.11.6/8.11.6/SuSE Linux 0.5) with SMTP id gA28XcA00319
^^^^^^^^^^^^^^^ Your server is an open relay, close it. Try adding a REJECT access rule for this domain: ip-170-149-113.xdsl-fixo.ctbcnetsuper.com.br or his IP/network:
[200.170.149.113])
--
e-SecureNet - We Run SuSE - *The LINUX Experts*
Project Manager c/o Miguel Albuquerque
Av. Miremont 46, 1202 - GE, SWITZERLAND
Tel: +41 (22) 782 5344  Fax: +41 (22) 782 5348
mailto:mfoacs@e-securenet.ch  http://www.e-securenet.ch
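The thread's two points are that bounces arrive from many innocent mail servers, so blocking the bouncing server is useless, and that the host to reject is the one that injected the message at the first hop you can vouch for. The following Python script, added here as an example and not part of the thread or of either poster's tooling, walks the Received chain of a bounce from the delivering server backwards, stopping at the first hop stamped by a server you do not trust, and emits a sendmail access-map REJECT line for the resulting address. The sample message is constructed from the header fragment above (the second Received line, the envelope recipients and the message id EXAMPLE0001 are invented), and the `Connect:` access-map syntax is assumed to match FEATURE(`access_db') in sendmail 8.10 and later.

```python
import re
from email import message_from_string

# Constructed sample bounce, modelled on the header fragment quoted in the
# thread. The second Received line, the recipients and the id EXAMPLE0001
# are invented for the example.
SAMPLE_BOUNCE = (
    "Return-Path: <>\n"
    "Received: from bouncemail.stanford.edu (bouncemail.Stanford.EDU [171.64.14.35])\n"
    "\tby lagu.sidhe.net (8.11.6/8.11.6/SuSE Linux 0.5) with SMTP id gA28XcA00319\n"
    "\tfor <evert@lagu.sidhe.net>; Sat, 2 Nov 2002 09:33:47 +0100\n"
    "Received: from unknown (ip-170-149-113.xdsl-fixo.ctbcnetsuper.com.br [200.170.149.113])\n"
    "\tby bouncemail.stanford.edu with SMTP id EXAMPLE0001\n"
    "\tfor <nosuchuser@stanford.edu>; Sat, 2 Nov 2002 09:33:10 +0100\n"
    "From: MAILER-DAEMON@bouncemail.stanford.edu\n"
    "Subject: Returned mail: User unknown\n"
    "\n"
    "The original message was received ...\n"
)

# "from <helo> (<reverse-dns> [<ip>]) by <server>" as sendmail writes it;
# re.S lets \s+ span the folded continuation lines of the header.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]+)\s+\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)",
    re.S,
)


def received_chain(raw_message):
    """Return the parseable hops in delivery order (earliest hop first).

    Each server prepends its own Received line, so the topmost header is the
    last hop and the list of headers is reversed to get delivery order.
    """
    msg = message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        match = RECEIVED_RE.search(value)
        if match:
            hops.append(match.groupdict())
    return hops


def trusted_origin(hops, trusted_servers):
    """Walk back from the delivering server through hops stamped by servers we
    trust and return the earliest such hop; its 'ip' is the client that handed
    the message to the trusted chain. Anything before that can be forged by
    whoever injected the message, so it is never used for a blocking decision.
    """
    trusted = {name.lower() for name in trusted_servers}
    candidate = None
    for hop in reversed(hops):
        if hop["by"].lower() not in trusted:
            break
        candidate = hop
    return candidate


def sendmail_access_rule(ip):
    """One access-map entry rejecting connections from the given address.

    Assumed syntax for sendmail's FEATURE(`access_db'): a Connect: entry is
    matched against the connecting client, and is rebuilt with makemap.
    """
    return f"Connect:{ip}\tREJECT"


if __name__ == "__main__":
    chain = received_chain(SAMPLE_BOUNCE)
    for hop in chain:
        print(f"{hop['ip']:>16}  {hop['rdns']:<50} -> {hop['by']}")
    # Trusting only our own MX points at the bouncing server, which is exactly
    # the host the thread says is pointless to block.
    only_own = trusted_origin(chain, {"lagu.sidhe.net"})
    print("trusting own MX only:", only_own["ip"])
    # Trusting the bouncing site's MX too exposes the real injection point.
    with_bouncer = trusted_origin(chain, {"lagu.sidhe.net", "bouncemail.stanford.edu"})
    print("trusting bouncer too: ", with_bouncer["ip"])
    print(sendmail_access_rule(with_bouncer["ip"]))
```

Whether you may extend trust to the bouncing site's Received line depends on whether that site is a well-run MX whose headers you believe; when it is not, the only reliable answer is the bouncing server itself, and the script returns it rather than guessing further back.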