Fairly rude surprise in logs this AM -- possible DoS attempt?

• Previous message: Fairly rude surprise in logs this AM -- possible DoS attempt?
• Next message: Fairly rude surprise in logs this AM -- possible DoS attempt?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jan 19, 2004 at 10:55:11AM -0800, David Wolfskill wrote:
> This morning, the usual quota was augmented by 83610 lines that
> were created during the period 13:03:28 - 16:47:15 yesterday (local
> time), each from 62.58.50.220, dsbl.zonnet.nl.  (Note that there
> are certain packets that I drop silently.)

I call "shennanigans," David, and I call "shennanigans" on their
explanation that they're proxy-testing you.  Either they're lying or
they're horribly misconfigured and rude.  Either way, they're not playing
nice.

RR designed its systems so it would test a sender at MOST once a week.
That test would involve one, and only one, SMTP connection.  There's
nothing else you need to do to verify whether or not something is an open
relay.  

Anything else is them rattling the door on your house trying to see if
you're using a good lock -- MAYBE they're making sure you're not a
crackhouse, but it's far more likely that they're casing the joint.

IMHO.

-roy

• Previous message: Fairly rude surprise in logs this AM -- possible DoS attempt?
• Next message: Fairly rude surprise in logs this AM -- possible DoS attempt?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]