Re: [Full-Disclosure] Block notification / bounce mails (as in DDOS)
- To: Koen <koen4security@xxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Block notification / bounce mails (as in DDOS)
- From: Ron DuFresne <dufresne@xxxxxxxxxxxxx>
- Date: Thu, 1 Apr 2004 15:15:00 -0600 (CST)
On Thu, 1 Apr 2004, Koen wrote:
> Luke Norman wrote:
> >>
> >> What do you all suggest to this 'seemingly' DDOS-attack (although not
> >> intended as a DOS)?
> >>
> > Set up a server-side bayesian filter to block all e-mails containing
> > certain words (such as 'address not found' or similar). I'd be very
> > surprised if there isn't a filter like this already available if you
> > google it. Have a look at the 'fighting useless notification mails'
> > thread from a few days ago, which is a related topic
>
> This would be an option if the mailserver is still capable of handling all or
> some of the mail. As the question was raised, this is not the case. The
> 'theoretical' situation is that my mailserver is as dead as a doornail (not
> really crashed but out of oxygen..network-bandwidth).
>
> Thanks anyway for the response (and yes, the thread on fighting.... is indeed
> very helpful for the case where I have some 'spare' bandwidth)
If the trouble is bandwidth exhaustion, then you either get a bigger pipe,
or are forced to work upstream to get the traffic sidetracked/blocked
there. If the DDOS relates also, or instead, to cpu/mem overconsumption, then
you build a bigger server that can handle the loads in stressed times as
well, or cluster smaller servers to do the same.
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html