Hi all, I forward this as this could be happening elsewhere? What actions were taken? We can hear more on this at the pacnog training next week.
-----Original Message-----
From: Anthony M. Muller [mailto:Tony.Muller@ntamar.net]
Sent: Wednesday, 25 June 2008 3:42 PM
To: Fred Christopher
Cc: PITA Coordinator
Subject: Zombie attacks RMI
Hi Fred, hope all is well...refer to message and circulate to PITA members:
Around midnight June 23, 2008, traffic on our incoming mail gateways peaked above four times their normal levels; however, our users were not receiving email messages, nor SPAM. This higher than normal level of traffic was created as each of our incoming mail gateways was subjected to over 500 SMTP connections per second. These unusually high numbers of connections did not actually deliver email messages as the mail queues on our incoming mail gateways remained empty. This is quite different from the normal SPAM attacks we see daily; SPAM actually tries to flood our queues with email messages, however, this attack was designed to keep our servers constantly locked to zombies, while blocking legitimate e-mail. This is a measure that is consistent with an incoming e-mail Distributed Denial of Service attack (DDoS) using spoofed IP addresses.
Currently, our technical team has put in place measures and filters to tame this attack and email appears to be flowing normally. We will continue to monitor and add resources as necessary to return e-mail services to normal. Our outgoing e-mail service was not affected by this attack.
Kind regards, Tony
As an ISP, you may want to read this document.
http://tools.ietf.org/html/bcp46
It seems even readable at management level, so budget and resources could be committed to ICT teams by CEOs.
Cheers
Franck Martin
ICT Specialist
franck@sopac.org
SOPAC, Fiji
GPG Key fingerprint = 44A4 8AE4 392A 3B92 FDF9 D9C6 BE79 9E60 81D9 1320
"All knowledge is an answer to a question" G. Bachelard
PITA Manager wrote:
Hi all, I forward this as this could be happening elsewhere? What actions were taken? We can hear more on this at the pacnog training next week.
-----Original Message-----
From: Anthony M. Muller [mailto:Tony.Muller@ntamar.net]
Sent: Wednesday, 25 June 2008 3:42 PM
To: Fred Christopher
Cc: PITA Coordinator
Subject: Zombie attacks RMI
Hi Fred, hope all is well...refer to message and circulate to PITA members:
Around midnight June 23, 2008, traffic on our incoming mail gateways peaked above four times their normal levels; however, our users were not receiving email messages, nor SPAM. This higher than normal level of traffic was created as each of our incoming mail gateways was subjected to over 500 SMTP connections per second. These unusually high numbers of connections did not actually deliver email messages as the mail queues on our incoming mail gateways remained empty. This is quite different from the normal SPAM attacks we see daily; SPAM actually tries to flood our queues with email messages, however, this attack was designed to keep our servers constantly locked to zombies, while blocking legitimate e-mail. This is a measure that is consistent with an incoming e-mail Distributed Denial of Service attack (DDoS) using spoofed IP addresses.
Currently, our technical team has put in place measures and filters to tame this attack and email appears to be flowing normally. We will continue to monitor and add resources as necessary to return e-mail services to normal. Our outgoing e-mail service was not affected by this attack.
Kind regards, Tony
pacnog mailing list pacnog@pacnog.org http://mailman.apnic.net/mailman/listinfo/pacnog
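
The symptom reported in the forwarded message (a very high SMTP connection rate while the mail queues stay empty) can be checked for in gateway logs. The following is an added example, not part of the thread or of any participant's tooling; the log format, the function names and the sample addresses are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed log format (an assumption, not any real MTA's):
#   "<timestamp to the second> connect ip=<addr>"  one line per SMTP session opened
#   "<timestamp to the second> queued ip=<addr>"   one line per message accepted to the queue
LINE = re.compile(r"^(\S+) (connect|queued) ip=(\S+)$")


def flood_windows(lines, min_connects=500, max_queued_ratio=0.05):
    """Return (second, connects, queued, distinct_sources) for each one-second
    bucket with many sessions but almost no mail reaching the queue."""
    connects, queued = Counter(), Counter()
    sources = defaultdict(set)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore anything that is not one of the two event types
        second, event, ip = m.groups()
        if event == "connect":
            connects[second] += 1
            sources[second].add(ip)
        else:
            queued[second] += 1
    flagged = []
    for second in sorted(connects):
        n = connects[second]
        if n >= min_connects and queued[second] / n <= max_queued_ratio:
            flagged.append((second, n, queued[second], len(sources[second])))
    return flagged


def sample_log():
    """Constructed sample: a quiet second, a busy legitimate second, a flood second."""
    log = []
    for i in range(3):   # quiet: 3 sessions, 2 messages queued
        log.append(f"2008-06-23T23:59:58 connect ip=192.0.2.{i}")
    log += ["2008-06-23T23:59:58 queued ip=192.0.2.0",
            "2008-06-23T23:59:58 queued ip=192.0.2.1"]
    for i in range(6):   # busy but legitimate: every session queues a message
        log.append(f"2008-06-23T23:59:59 connect ip=198.51.100.{i}")
        log.append(f"2008-06-23T23:59:59 queued ip=198.51.100.{i}")
    for i in range(8):   # flood: 8 sessions from 8 sources, nothing queued
        log.append(f"2008-06-24T00:00:00 connect ip=203.0.113.{i}")
    return log


if __name__ == "__main__":
    # Threshold scaled down to fit the small sample; the message reports over 500 per second.
    for row in flood_windows(sample_log(), min_connects=5):
        print(row)
```

The busy legitimate second is not flagged because its sessions queue mail; only the second with sessions and an empty queue is reported.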