[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Block notification / bounce mails (as in DDOS)

To: Tomasz Konefal <twkonefal@xxxxxxxxx>
Subject: Re: [Full-Disclosure] Block notification / bounce mails (as in DDOS)
From: Koen <koen4security@xxxxxxxxxxx>
Date: Thu, 01 Apr 2004 21:46:26 +0200

Tomasz Konefal wrote:

first off, the From: header would not normally be the one emails get bounced to. rather, it would be the "MAIL FROM" envelope header. in any case, my 'solution' would be to temporarily drop all mail destined to this deluged account to /dev/null and set up a new account for the busted user. you could alternatively set up a "user relocated" reply on the server or just kill the account altogether and send responses of "no such local user". you get the general idea. not a great solution, but only one person's email is crapped out instead of everyone's. when the DDoS looks like it's petering away you can set up an alias from the old to the new account to reenable legitimate mails to get to the user.

Hi, A "user relocated" reply would only increase the problem. The problem isn't limited to one mailbox or user-account but rather to "all" mailboxes. Thanks anyway

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Block notification / bounce mails (as in DDOS)
  - From: Security

Prev by Date: Re: [Full-Disclosure] Block notification / bounce mails (as in DDOS)
Next by Date: Re: [Full-Disclosure] Block notification / bounce mails (as in DDOS)
Previous by thread: RE: [Full-Disclosure] Block notification / bounce mails (as in DDOS)
Next by thread: Re: [Full-Disclosure] Block notification / bounce mails (as in DDOS)
Index(es):
- Date
- Thread