Hi Guys, We've had to block 200.0.0.0/8 from our MTAs temporarily, our mail queue jumped to around 30,000 messages at around 6:40 this morning and we're still taking more than one message per second from MTAs which are predominantly in that netblock. There are exceptions now but blocking 200/8 certainly reduced the load something chronic. Looks like a sweep (random(a)ourdomain) looking for valid targets, and the source addresses are random(a)a-valid-but-forged-domain. As a result our MTAs are now bombarding the source domain MTA trying to bounce all the invalid addresses, and now we're getting complaints from them... Wonder whether any other NZ ISPs have seen this happen recently or whether this is the first of many? - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
About 2 weeks ago we had the same problem.
Ended up having to temporarily block 200.0.0.0 and 196.0.0.0. (All seemed to
have come from these 2 Class A's.)
Seemed to be a DOS that was distributed, all the same content but from all
over the place but concentrated on 1 domain.
Peaked at about 9 tps.
Took the block off after about a day. Most sources had sorted out there end
by then.
Have noticed an upsurge in address mining lately.
Regards
Steve.
----- Original Message -----
From: "Mark Foster"
Hi Guys,
We've had to block 200.0.0.0/8 from our MTAs temporarily, our mail queue jumped to around 30,000 messages at around 6:40 this morning and we're still taking more than one message per second from MTAs which are predominantly in that netblock. There are exceptions now but blocking 200/8 certainly reduced the load something chronic.
Looks like a sweep (random(a)ourdomain) looking for valid targets, and the source addresses are random(a)a-valid-but-forged-domain. As a result our MTAs are now bombarding the source domain MTA trying to bounce all the invalid addresses, and now we're getting complaints from them...
Wonder whether any other NZ ISPs have seen this happen recently or whether this is the first of many?
- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
It would have been about a month ago we blocked 200.168/16 (telesp.net.br). Late yesterday, this was expanded and now includes 200.171/16 and 200.204/15. No surprise it belongs to the same outfit. However, this action is predominantly due to spam via alphabet attacks on the Xtra domain. We've reported directly to telesp.net.br on more than one occasion but with no response. Cheers Des - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Hello, I want to set up a radius server as we are looking at using Telecoms IP.office/IP.remote (or whatever it is called) here. I have never set up a radius server and only know what I have read about it. I have set up Bind, Apache, QMail and various other Linux based systems so hopefully this is not out of my capabilities. As with all Linux software there is many options to choose from eg: Cistron Radius, Livingston Radius, GNU Radius, ICRadius, FreeRadius. I understand that radius is a standard but from experience (eg: IPSec) different implementations are not always completely compatible. What radius server would people recommend? It is to be used with Telecoms IP.whatever, and needs to run on Linux (or BSD). cheers, Bjorn Nilsen - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Wed, 7 Aug 2002, Bjorn Nilsen wrote:
Hello,
I want to set up a radius server as we are looking at using Telecoms IP.office/IP.remote (or whatever it is called) here. I have never set up a radius server and only know what I have read about it. I have set up Bind, Apache, QMail and various other Linux based systems so hopefully this is not out of my capabilities. As with all Linux software there is many options to choose from eg: Cistron Radius, Livingston Radius, GNU Radius, ICRadius, FreeRadius. I understand that radius is a standard but from experience (eg: IPSec) different implementations are not always completely compatible. What radius server would people recommend? It is to be used with Telecoms IP.whatever, and needs to run on Linux (or BSD).
Not clear if you want a free server or are prepared to pay for one. If the latter see http://www.open.com.au/radiator/index.html I've just been setting this up and I like it. Widely used - see http://www.open.com.au/customerlist.html - To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Yes. Radiator is a _very_ good Radius Package that alot of ISP's in New Zealand use. Easy (if you know perl) to use and getting working well (its a Commercial Package tho). But if you just want an easy to get working. just use cistron radiusd. Craig Whitmore
Not clear if you want a free server or are prepared to pay for one. If the latter see http://www.open.com.au/radiator/index.html
I've just been setting this up and I like it.
Widely used - see http://www.open.com.au/customerlist.html
- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
participants (6)
-
Andy Linton -
Bjorn Nilsen -
Craig Whitmore -
Des Berryman -
Mark Foster -
Steven Schmidt