Dunno. His emails to me are kinda all over the map so it's hard to say. His latest email said the cause of it was qmail. His client has some community-based email list, around 40k a week. He sent it out and the server stopped sending local mail and isn't serving the site anymore.
The explanation doesn't make sense to me. Perhaps this was caused by an ipchain throttling rule limiting the amount of concurrent connections? (There's going to be tons of DNS lookups for 40k emails.) But that shouldn't stop other services. I had him check all of his logs and he reports normal activity and no break-ins. Ideas?

justin

-----Original Message-----
From: Joey Hess [mailto:[EMAIL PROTECTED] On Behalf Of Joey Hess
Sent: Thursday, May 02, 2002 12:01 PM
To: debian-user@lists.debian.org
Subject: Re: advice-- a friend claims he's under attack

Shawn McMahon wrote:
> begin justin cunningham quotation:
> > Hi, sorry for the dramatic subject; a guy with a server in my colo
> > called me saying his site and mail is down and he had trouble reaching
> > the box. He's sshed in now and says netstat -n shows lots of
> > established connections. I told him to kill them and set ip chain rule
> > to deny all from that ip. What other advice can I give him immediately?
>
> Shut the box down and mail it to him. NOW. It's a danger to the
> security of all your customers.

Because someone has opened many connections to it in a possible DOS?
Explain.

--
see shy jo

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]