On Sat, 8 Sep 2001, Len Conrad wrote:

> The above section of the maillog report is about 3600 lines, so are you
> saying that 3600 unspoofed, different ip's are doing the attack?  That's
> "distributed" if I ever saw one.
>
> I suppose one "master" PC could be relaying through all those open relays
> against this one MX host.

If someone's vicious enough, that doesn't sound too unbelievable.

But, regarding the possibility of tcp spoofing:  What version of FreeBSD
is the client running?  If it's < 4.2 that is a possibility.  However,
given that the IPs are almost all from open relays, it seems much more
likely that this has nothing to do with spoofing.

What is the content of these e-mails?  I wonder if it's possible that
someone is spamming with an e-mail address at your client's domain.
Subsequently, those being spammed are using ordb/rbl to reject the message,
and the open relay is then sending your client the bounce message.

Mike "Silby" Silbersack


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
