[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Block notification / bounce mails (as in DDOS)
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: [Full-Disclosure] Block notification / bounce mails (as in DDOS)
- From: Security <koen4security@xxxxxxxxxxx>
- Date: Thu, 01 Apr 2004 16:05:51 +0200
Hi,
Recently, this question popped up during my job interview
<question>
What would you do when a spammer uses your mail-address as the "From:" and the
mails that are sent by the spammer get all bounced back by legitimated
mail-servers to your mailhandlers? All the bounces would return to you - as
you are the 'from' (assume a rate of 1.000 a minute) and this traffic would
kill your network-connection. You wouldn't be able to receive any mail because
your mailserver can no longer handle the load
</question>
I had a 'Dilbert' reaction in the sense that I couldn't come up with a decent
answer (needless to say their impression indicated that I should not expect
them to hire me). I could only offer these solutions :
* contact my ISP and search for a decent solution
* put a notice on our corporate website and indicate that we are no longer
available through mail on the old address but have a 'new' temporarily one
* try to investigate, through the e-mail headers (allthough they could be
fake), from where the original posts are coming and try to contact the isp of
that netblock
What do you all suggest to this 'seemingly' DDOS-attack (allthough not
intended as a DOS)?
Greetings,
Koen
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html