DOS attack using RSET commands?

Martin Hepworth martinh at solid-state-logic.com
Fri Jun 23 13:41:34 IST 2006


Travis

Seeing a lot of these I wasn't seeing before... (in Exim)

SMTP protocol violation: synchronization error (input sent without waiting
for greeting): rejected connection

about 25% of my reject log is this rubbish, don't recall seeing this before.

And I only reject on unknown user for that connection..I don't use any
access list on the MTA.

--
Martin Hepworth 
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Travis Taylor
> Sent: 23 June 2006 13:00
> To: mailscanner at lists.mailscanner.info
> Subject: OT: DOS attack using RSET commands?
> 
> Apologies about multiple posts, but appears my postings are not making
> it to the mailing list.
> 
> Anyone else noticing a large surge in number of clients/connections
> issuing repetitive RSET commands when the connection is permanently or
> temporarily rejected?
> 
> The majority of the connections appear to originate from the RIPE and
> APNIC netspace.  It is getting to the point where the load is 3 times
> normal and email delivery to us is extremely slow due to the large
> number of repetitive open connections.  Anyone have similar issues?
> 
> --
> Travis Taylor
> Unified School District 373
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!


**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************



More information about the MailScanner mailing list