DOS attack using RSET commands?
Ed Wallig
ewallig at aerocontractors.com
Sat Jun 24 03:21:23 IST 2006
Seeing a lot of the same thing - "dictionary-type" attacks with resets once the mail has been rejected.
- Ed
-----Original message-----
From: "Martin Hepworth" martinh at solid-state-logic.com
Date: Fri, 23 Jun 2006 08:43:02 -0400
To: "'MailScanner discussion'" mailscanner at lists.mailscanner.info
Subject: RE: DOS attack using RSET commands?
> Travis
>
> Seeing a lot of these I wasn't seeing before... (in Exim)
>
> SMTP protocol violation: synchronization error (input sent without waiting
> for greeting): rejected connection
>
> about 25% of my reject log is this rubbish, don't recall seeing this before.
>
> And I only reject on unknown user for that connection..I don't use any
> access list on the MTA.
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> > bounces at lists.mailscanner.info] On Behalf Of Travis Taylor
> > Sent: 23 June 2006 13:00
> > To: mailscanner at lists.mailscanner.info
> > Subject: OT: DOS attack using RSET commands?
> >
> > Apologies about multiple posts, but appears my postings are not making
> > it to the mailing list.
> >
> > Anyone else noticing a large surge in number of clients/connections
> > issuing repetitive RSET commands when the connection is permanently or
> > temporarily rejected?
> >
> > The majority of the connections appear to originate from the RIPE and
> > APNIC netspace. It is getting to the point where the load is 3 times
> > normal and email delivery to us is extremely slow due to the large
> > number of repetitive open connections. Anyone have similar issues?
> >
> > --
> > Travis Taylor
> > Unified School District 373
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
>
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 1859 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060623/8c506197/smime.bin
More information about the MailScanner
mailing list