1996-09-13 - Re: PANIX.COM down: denial of service attack

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: M C Wong <mcw@hpato.aus.hp.com>
Message Hash: 044177571b35d39e465535ec2239edb29928aab1ecc63484086156591794f867
Message ID: <199609130408.AAA09629@jekyll.piermont.com>
Reply To: <199609130334.AA161125684@relay.hp.com>
UTC Datetime: 1996-09-13 06:57:55 UTC
Raw Date: Fri, 13 Sep 1996 14:57:55 +0800

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 13 Sep 1996 14:57:55 +0800
To: M C Wong <mcw@hpato.aus.hp.com>
Subject: Re: PANIX.COM down: denial of service attack
In-Reply-To: <199609130334.AA161125684@relay.hp.com>
Message-ID: <199609130408.AAA09629@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



M C Wong writes:
> >                For those who are IP hackers, the problem is that we're
> >                being flooded with SYNs from random IP addresses on
> >                our smtp ports. We are getting on average 150 packets
>                      ^^^^
> 
>                  Can't access to this port be guarded against by a filtering
> 		 router which is configured to accept *only* a number of
> 		 trusted MX hosts ?

Sure -- if you only want to accept mail from fifteen machines on
earth. If on the other hand your users might get mail from anywhere on
earth, your mail ports have to be open to connections from anywhere.

.pm





Thread