Re: : Zombie Network Spam Attack

To: <misc@...>
Date: Saturday, February 9, 2008 - 11:40 am

Raimo Niskanen writes:

> What does "lsof -ni:spamd | wc -l" say during the peaks?

Depending on the exact properties of the traffic you may get some
mileage out of using state tracking options to limit the number of
simultaneous connections from a single host, rate of new connections
etc and creative use of overload tables. Much like the mainly ssh
focused example at [1], only the technique is a general one and could
just as easily be applied to SMTP connections.

[1] http://home.nuug.no/~peter/pf/en/bruteforce.html
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
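
The state tracking options and overload table mentioned in the message above, applied to inbound SMTP. This is an added example, not part of the original post and not copied from the linked tutorial; the interface name, table name and all thresholds are assumptions, and it assumes this rule is the one that admits SMTP traffic.

```conf
# Added example: hypothetical pf.conf fragment, not taken from the post.
ext_if = "em0"                  # assumed external interface name

# pf itself adds a source address here when it exceeds the limits below.
table <smtp_abusers> persist

# Drop everything from hosts already in the overload table.
block in quick on $ext_if from <smtp_abusers>

# Admit inbound SMTP and track state per source address.
#   max-src-conn       simultaneous established connections per source
#   max-src-conn-rate  new connections per source, as count/seconds
#   overload           table that receives a source exceeding either limit
#   flush global       also kill that source's existing states on all rules
# The numbers are placeholders: size them from what legitimate peers do,
# since a busy relay opening many parallel sessions can trip a low limit.
pass in on $ext_if inet proto tcp from any to any port smtp \
        flags S/SA keep state \
        (max-src-conn 10, max-src-conn-rate 5/30, \
         overload <smtp_abusers> flush global)

# Table entries do not age out on their own. To drop entries older than
# 24 hours, run periodically (for example from cron):
#   pfctl -t smtp_abusers -T expire 86400
```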