> > I'm not sure whether it's supposed to be a DDOS attack, a dictionary > attack, > > bunch-o-bots or what. Since about the 26th of Dec I've had one > particular > > mailserver that has been dealing with a constant stream of crap...
> That is, if a specific IP address tries sending to bad users more than > X > number of times, it then blocks that IP address from connecting at all > for a set period of time. That was my first thought, unfortunately I don't seem to get any more than 1 or 2 attempts from any given IP address (probably due to my server dropping the connection based on some existing configuration I have in place). But the same will then happen from another IP, in a different part of the world, addressed to a different but similar non-existing address... and so on, and so on. I haven't counted, but based on the flow, I'd estimate I've seen about 1000 distinct IP's... that is what leads me to believe it's some sort of distributed attack. There are some repeat recipients, from different IP's at different times. Like a whole bunch of little zombies all working off of the same list. Cheers, >>>>> Mike <<<<<
