[Mimedefang] Strange activity
Yizhar Hurwitz
yizhar at mail.com
Thu Jan 5 14:40:59 EST 2006
Hi.
> From: "David F. Skoll"
> Subject: [Mimedefang] Strange activity
> Has anyone noticed some strange activity lately? Specifically, one of our
> customers has been hit by hundreds or thousands of machines that open SMTP
> connections to his boxes and then just sit there, leaving the connection
> idle. This wreaks havoc by creating tons and tons of Sendmail processes.
I would like to suggest another possible explanation besides the "buggy" spam bot.
Issues like that might also be related to MTU.
Have you checked the MTU value of your customer's mail servers?
Can you try to ping with different packet sizes to some of the sender IP addresses?
I do agree that the most reasonable explanation so far is spam/dictionary/other attack software,
but in addition you should also consider layer 3 networking issues,
or a combination of attacks hanging due to layer 3 problems or client-side limited bandwidth.
Yizhar Hurwitz
http://yizhar.mvps.org
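
The packet-size ping test suggested in the message above, written out as an added example that is not part of the original post: a binary search for the largest echo payload a sender's path carries with the Don't Fragment bit set. It assumes Linux iputils ping; the function names probe, find_max_payload and path_mtu are hypothetical.

```shell
#!/bin/sh
# Added example: find the largest ICMP payload that reaches a host with the
# Don't Fragment bit set, then derive the usable path MTU from it.

# probe HOST SIZE -> exit 0 if one DF-flagged echo with SIZE payload bytes is answered.
# Assumption: Linux iputils ping, where "-M do" sets DF and forbids local fragmentation.
probe() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_max_payload HOST [LOW] [HIGH]
# Prints the largest payload size that got a reply. Returns 1 if even the LOW
# payload fails, which means the host is down or ICMP is filtered.
find_max_payload() {
    host=$1
    low=${2:-0}
    high=${3:-1472}   # 1500-byte Ethernet MTU minus 20 (IPv4) minus 8 (ICMP)
    probe "$host" "$low" || return 1
    if probe "$host" "$high"; then
        echo "$high"
        return 0
    fi
    # Invariant from here on: LOW is answered, HIGH is not.
    while [ $((high - low)) -gt 1 ]; do
        mid=$(( (low + high) / 2 ))
        if probe "$host" "$mid"; then
            low=$mid
        else
            high=$mid
        fi
    done
    echo "$low"
}

# path_mtu HOST -> prints the payload limit plus 28 bytes of IPv4 and ICMP headers.
path_mtu() {
    payload=$(find_max_payload "$1") || return 1
    echo $((payload + 28))
}

# Usage (run manually against a sender address taken from the mail log):
#   path_mtu SENDER_IP
```

A result below 1500 points to a reduced-MTU hop on that path. A return status of 1 only shows that ICMP echo is unanswered, so it is not evidence for or against an MTU problem.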