RE: DDOS, Dictionary Attack... not sure what it is...

[Mike Cisar <ml...@starmania.net>]

> > I'm not sure whether it's supposed to be a DDOS attack, a dictionary
> attack,
> > bunch-o-bots or what.  Since about the 26th of Dec I've had one
> particular
> > mailserver that has been dealing with a constant stream of crap...

> That is, if a specific IP address tries sending to bad users more than
> X
> number of times, it then blocks that IP address from connecting at all
> for a set period of time.

That was my first thought, unfortunately I don't seem to get any more than 1
or 2 attempts from any given IP address (probably due to my server dropping
the connection based on some existing configuration I have in place).  But
the same will then happen from another IP, in a different part of the world,
addressed to a different but similar non-existing address... and so on, and
so on.  I haven't counted, but based on the flow, I'd estimate I've seen
about 1000 distinct IP's... that is what leads me to believe it's some sort
of distributed attack.  There are some repeat recipients, from different
IP's at different times.  Like a whole bunch of little zombies all working
off of the same list.

Cheers,
>>>>> Mike <<<<<

RE: DDOS, Dictionary Attack... not sure what it is...

[Joseph Brennan <br...@columbia.edu>]

--On Monday, December 31, 2007 4:00 PM -0700 Mike Cisar 
<ml...@starmania.net> wrote:

> I haven't counted, but based on the flow, I'd estimate I've seen
> about 1000 distinct IP's... that is what leads me to believe it's some
> sort of distributed attack.  There are some repeat recipients, from
> different IP's at different times.  Like a whole bunch of little zombies
> all working off of the same list.


That's what a spam botnet looks like.  There are usually a few hundred
thousand hosts working the same list.  If you have not seen this many
times before, lucky you.

Joseph Brennan
Columbia University Information Technology