[Full-Disclosure] Block notification / bounce mails (as in DDOS)
dufresne at winternet.com
Thu Apr 1 22:15:00 BST 2004
On Thu, 1 Apr 2004, Koen wrote:
> Luke Norman wrote:
> >> What do you all suggest to this 'seemingly' DDOS-attack (allthough not
> >> intended as a DOS)?
> > Set up a server-side bayesian filter to block all e-mails containing
> > certain words (such as 'address not found' or similar). I'd be very
> > suprised if there isn't a filter like this already available if you
> > google it. Have a look at the 'fighting useless notification mails'
> > thread from a few days ago, which is a related topic
> This would be an option if the mailserver is still capable of handling all or
> some of the mail. As the question was raised, this is not the case. The
> 'theoratical' situation is that my mailserver is as dead as a doornail (not
> really crashed but out of oxygen..network-bandwidth).
> Thanks anyway for the response (and yes, the thread on fighting.... is indeed
> very helpful for the case where I have some 'spare' bandwidth)
if the troubles is bandwidth exhaustion then you either get a bigger pipe,
or are forced to work upstream to get the traffic sidetracked/blocked
there. If the DDOS relates also or else to cpu/mem over consumption then
you build a bigger server that can handle the loads in stressed times as
well, or cluster smaller servers to do the same.
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
Full-Disclosure is hosted and sponsored by Secunia.