Ken A wrote:
Randy wrote:
Martin Gregorie wrote:
Why would a botnet waste resources by sending tens of thousands of
spam to a single e-mail address?
Is it really a spambot or could it be a DDOS attack?
Martin
It is both but not actually. :)
It appears to be a spambot ( botnet ) , and it really isn't enough
traffic to cause DDOS so I really should change the topic header. The
traffic may be 40000 - 100000 emails per day for this email address.
I would think they would try to connect more often to cause a DDOS.
It really isn't a true DDOS since the syn/syn-ack/ack takes place,
but don't quote me on that.
Thanks,
Randy Ramsdell
Are you sure it's not spam bounces (joe job)?
This is more common than a spam attack
Ken
Yeah we get those in spurts, but this appears to not be the case. We are
getting thousands of connects from non MX hosts and many are blocked at
the smtp layer by our mail server. The connecting hosts are non valid
MXes which many do not resolve, are listed in Spamhaus and use fake HELO
all sending to a single e-mail address.
