[Maia-users] Mail attack....
Stephen Carter
Stephen at retnet.co.uk
Sat Aug 19 11:00:22 PDT 2006
I think it's worth clarifying those options for others out there ...
Either the attack stopped on it's own, or changing the recipient reject code to 550 did it, although if it's the later I didn't think spamming bots or programs generally retried to send even after a 450 reply due to the high cost associated with that. I thought that's what greylisting basically counts on... maybe I'm confused??.
The verification database map mentioned is a great option but not required. On it's own, without the verify file option, the list of verified probes are cached in memory and are cleared either after an expiry timeout (configurable) or when postfix is stopped or reloaded. I'm not sure how big this database can get when configured as a file but the postfix documentation says this option isn't on by default due to possible disk space problems so it may be worth keeping an eye on it for a bit and see how large it grows. The obvious advantage though is the database will persist after a postfix reload thereby saving some probing due to a restart.
Stephen Carter
Retrac Networking Limited
www: http://www.retnet.co.uk
Ph: +44 (0)7870 218 693
Fax: +44 (0)870 7060 056
CNA, CNE 6, CNS, CCNA, MCSE 2003
>>> David Sims <dpsims at dpsims.com> 08/19/06 5:05 AM >>>
Hi Ryan,
You are my hero... Your suggested configuration changes have gradually
made a huge difference over a period of 4 or 5 hours.... Now I only see 3
or 4 simultaneous SMTP connections rather than 50 or more....
Thanks a lot for your help!!
Dave
***********************************************************************
On Fri, 18 Aug 2006, Ryan Delany wrote:
> David,
>
> I had the same problem for a long time until I realized my mistake. Since
> you are using address verification, there are two things you can do to
> remedy this situation, and I would suggest both.
>
> 1. Change the 450 to a 550 so the spam doesn't get resent. You may notice
> that you are being attacked by a botnet, which is a lot of legit PCs
> infected with a bot virus, so all the mail comes from legit mail servers
> (the ISP mail servers most likely). You can do this with the following
> entry in main.cf:
>
> unverified_recipient_reject_code = 550
>
> 2. Enable caching of the verification results, like so: (in main.cf)
>
> address_verify_map = btree:/var/spool/postfix/verify
>
> After adding the two lines, do a postfix restart and you should see the
> attacks drop off considerably. The biggest issue you are probably
> experiencing is all of your postfix handles being used up, at least that
> was the case for me. Even after I increased it to 500 concurrent
> connections, I was still getting hammered. Now I run about 11 concurrent
> connections on average(ps - ef | grep smtpd | wc - l).
>
> Good luck!
>
> Ryan
>
> > Hi,
> >
> > On one of my Maia sites I am seeing a significant mail attack.... bogus
> > mail addressed to <random_two_word_name>@domain.com is coming from a large
> > number of IP addresses.... Of course, since I am probing the mail server
> > for valid username before accepting this mail I am able to reject it
> > rather than accept it, but this process requires resource...
> >
> > Here is an example from mail.log:
> >
> > Aug 18 18:46:10 filter postfix/smtpd[5450]: connect from
> > ailen.telecom.com.ar[200.3.94.199]
> > Aug 18 18:46:13 filter postfix/smtpd[5450]: NOQUEUE: reject: RCPT from
> > ailen.telecom.com.ar[200.3.94.199]: 450 <archcurrant at foo.com>: Recipient
> > address rejected: undeliverable address: host xx.xxx.xx.xxx[xx.xxx.xx.xxx]
> > said: 550 5.1.1 <archcurrant at foo.com>... User unknown (in reply to RCPT
> > TO command); from=<> to=<archcurrant at foo.com> proto=ESMTP
> > helo=<intersrv.telecom.com.ar>
> >
> > Here is a typical netstat - ant:
> >
> > root at filter:~ # netstat - ant
> > Active Internet connections (servers and established)
> > Proto Recv- Q Send- Q Local Address Foreign Address State
> > tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN
> > tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
> > tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN
> > tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
> > tcp 0 0 192.168.1.251:25 81.223.187.74:32870 SYN_RECV
> > tcp 0 0 192.168.1.251:25 63.175.64.130:29320 SYN_RECV
> > tcp 0 0 192.168.1.251:25 66.28.189.24:52889 SYN_RECV
> > tcp 0 0 192.168.1.251:25 134.129.200.38:35392 SYN_RECV
> > tcp 0 0 192.168.1.251:25 66.207.69.109:46457 SYN_RECV
> > tcp 0 0 192.168.1.251:25 213.56.31.142:48455 SYN_RECV
> > tcp 0 0 192.168.1.251:25 210.54.141.242:26418 SYN_RECV
> > tcp 0 0 192.168.1.251:25 210.150.10.192:18423 SYN_RECV
> > tcp 0 0 192.168.1.251:25 66.143.49.25:48323 SYN_RECV
> > tcp 0 0 192.168.1.251:25 192.115.100.141:36407 SYN_RECV
> > tcp 0 0 192.168.1.251:25 195.250.139.226:62630 SYN_RECV
> > tcp 0 0 192.168.1.251:25 65.75.75.36:35443 SYN_RECV
> > tcp 0 0 192.168.1.251:25 195.226.145.206:51920 SYN_RECV
> > tcp 0 0 192.168.1.251:25 209.73.160.70:31073 SYN_RECV
> > tcp 0 0 192.168.1.251:25 206.65.173.204:25779 SYN_RECV
> > tcp 0 0 192.168.1.251:25 143.126.201.210:57179 SYN_RECV
> > tcp 0 0 192.168.1.251:25 63.98.13.135:45950 SYN_RECV
> > tcp 0 0 192.168.1.251:25 62.212.83.215:55580 SYN_RECV
> > tcp 0 0 192.168.1.251:25 213.46.255.16:7645 SYN_RECV
> > tcp 0 0 192.168.1.251:25 203.179.50.234:63304 SYN_RECV
> > tcp 0 0 192.168.1.251:25 203.150.14.107:1634 SYN_RECV
> > tcp 0 0 192.168.1.251:25 62.159.188.146:3893 SYN_RECV
> > tcp 0 0 192.168.1.251:25 62.105.131.62:3163 SYN_RECV
> > tcp 0 0 192.168.1.251:25 193.230.189.12:57561 SYN_RECV
> > tcp 0 0 192.168.1.251:25 209.172.34.50:46938 SYN_RECV
> > tcp 0 0 192.168.1.251:25 69.17.117.52:41941 SYN_RECV
> > tcp 0 0 192.168.1.251:25 209.168.160.74:31869 SYN_RECV
> > tcp 0 0 192.168.1.251:25 202.105.118.22:60463 SYN_RECV
> > tcp 0 0 192.168.1.251:25 216.142.49.99:40069 SYN_RECV
> > tcp 0 0 192.168.1.251:25 66.163.187.185:25604 SYN_RECV
> > tcp 0 0 192.168.1.251:25 129.215.13.3:59327 SYN_RECV
> > tcp 0 0 192.168.1.251:25 213.197.49.198:34959 SYN_RECV
> > tcp 0 0 192.168.1.251:25 208.37.47.254:22485 SYN_RECV
> > tcp 0 0 192.168.1.251:25 202.153.230.67:13234 SYN_RECV
> > tcp 0 0 192.168.1.251:25 66.45.51.9:39308 SYN_RECV
> > tcp 0 0 192.168.1.251:25 80.121.218.242:1517 SYN_RECV
> > tcp 0 0 192.168.1.251:25 65.24.7.12:6980 SYN_RECV
> > tcp 0 0 192.168.1.251:25 207.44.234.62:50720 SYN_RECV
> > tcp 0 0 192.168.1.251:25 216.195.205.35:14010 SYN_RECV
> > tcp 0 0 192.168.1.251:25 208.200.80.210:51331 SYN_RECV
> > tcp 0 0 192.168.1.251:25 213.148.130.14:46775 SYN_RECV
> > tcp 0 0 192.168.1.251:25 203.81.60.165:45843 SYN_RECV
> > tcp 0 0 192.168.1.251:25 62.2.232.19:58522 SYN_RECV
> > tcp 0 0 192.168.1.251:25 83.222.25.114:24562 SYN_RECV
> > tcp 0 0 192.168.1.251:25 203.179.50.234:63266 SYN_RECV
> > tcp 0 0 192.168.1.251:25 66.94.237.26:44348 SYN_RECV
> > tcp 0 0 192.168.1.251:25 81.187.206.181:29565 SYN_RECV
> > tcp 0 0 192.168.1.251:25 200.181.73.252:62658 SYN_RECV
> > tcp 0 0 192.168.1.251:25 202.76.4.65:34594 SYN_RECV
> > tcp 0 0 192.168.1.251:25 194.98.34.77:3968 SYN_RECV
> > tcp 0 0 192.168.1.251:25 194.44.33.235:4579 SYN_RECV
> > tcp 0 0 192.168.1.251:25 205.139.198.27:20294 SYN_RECV
> > tcp 0 0 192.168.1.251:25 210.168.199.20:37113 SYN_RECV
> > tcp 0 0 192.168.1.251:25 200.202.119.98:61138 SYN_RECV
> > tcp 0 0 192.168.1.251:25 66.198.41.9:1162 SYN_RECV
> > tcp 0 0 192.168.1.251:25 65.61.200.88:56543 SYN_RECV
> > tcp 0 0 192.168.1.251:25 194.27.192.4:56677 SYN_RECV
> > tcp 0 0 192.168.1.251:25 217.117.146.230:47437 SYN_RECV
> > tcp 0 0 192.168.1.251:25 200.57.129.20:59424 SYN_RECV
> > tcp 0 0 192.168.1.251:25 65.84.81.12:34310 SYN_RECV
> > tcp 0 0 192.168.1.251:25 200.89.64.32:64408 SYN_RECV
> > tcp 0 0 192.168.1.251:25 210.163.224.3:2740 SYN_RECV
> > tcp 0 0 192.168.1.251:25 80.160.130.114:32871 SYN_RECV
> > tcp 0 0 192.168.1.251:25 212.247.191.130:3618 SYN_RECV
> > tcp 0 0 192.168.1.251:25 207.207.43.7:60498 SYN_RECV
> > tcp 0 0 192.168.1.251:25 211.190.5.250:27410 SYN_RECV
> > tcp 0 0 192.168.1.251:25 139.15.238.165:55110 SYN_RECV
> > tcp 0 0 192.168.1.251:25 200.57.129.35:55579 SYN_RECV
> > tcp 0 0 192.168.1.251:25 67.120.207.241:64719 SYN_RECV
> > tcp 0 0 192.168.1.251:25 64.167.65.146:44410 SYN_RECV
> > tcp 0 0 192.168.1.251:25 149.157.1.19:64588 SYN_RECV
> > tcp 0 0 192.168.1.251:25 69.129.38.210:20748 SYN_RECV
> > tcp 0 0 192.168.1.251:25 83.236.167.196:3436 SYN_RECV
> > tcp 0 0 192.168.1.251:25 216.223.91.74:30223 SYN_RECV
> > tcp 0 0 192.168.1.251:25 64.218.72.20:33605 SYN_RECV
> > tcp 0 0 192.168.1.251:25 70.88.72.130:30566 SYN_RECV
> > tcp 0 0 192.168.1.251:25 12.19.230.30:2743 SYN_RECV
> > tcp 0 0 192.168.1.251:25 208.254.254.68:5161
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 66.240.178.227:34546
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 217.157.178.135:15611
> > ESTABLISHED
> > tcp 0 37 192.168.1.251:25 151.1.232.30:43803
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 195.39.90.98:11187
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 66.20.213.162:60531
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 62.134.61.39:50418
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 68.109.247.69:3889
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 203.81.162.13:53520
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 58.210.249.244:20622
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 200.176.131.72:40277
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 69.95.142.231:45216
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 68.153.178.110:56685 TIME_WAIT
> > tcp 0 0 192.168.1.251:25 70.246.201.65:32854
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 195.249.34.86:44965
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 80.246.121.34:59142 FIN_WAIT2
> > tcp 0 0 192.168.1.251:25 66.113.130.241:50390 FIN_WAIT2
> > tcp 0 0 192.168.1.251:25 222.66.45.206:32052
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 213.152.131.187:56122
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 209.126.184.3:59296
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 200.162.36.29:3327
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 193.42.201.86:54609
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 68.143.92.130:41162
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 80.127.135.165:54021
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 213.16.20.15:56813
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 80.33.159.160:12295
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 217.66.72.248:4652
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 216.239.92.67:33555
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 213.2.65.242:6317
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 63.103.9.10:1030 TIME_WAIT
> > tcp 0 0 192.168.1.251:25 72.54.83.178:25685
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 66.198.41.9:4251
> > ESTABLISHED
> > tcp 1 0 192.168.1.251:25 65.54.246.232:55530
> > CLOSE_WAIT
> > tcp 0 0 192.168.1.251:25 24.199.198.148:6934
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 64.170.231.22:27751
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 165.98.138.5:1746
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 198.96.13.44:50174
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 82.200.143.174:42537 FIN_WAIT2
> > tcp 0 0 192.168.1.251:25 82.112.198.133:7026
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 200.57.129.36:57637
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 202.155.199.82:16055 TIME_WAIT
> > tcp 0 0 192.168.1.251:25 84.48.104.160:56319
> > ESTABLISHED
> > tcp 1 0 192.168.1.251:25 217.117.146.230:37766
> > CLOSE_WAIT
> > tcp 0 0 192.168.1.251:25 209.136.12.130:50625
> > ESTABLISHED
> > tcp 0 38 192.168.1.251:25 192.35.35.6:58686 LAST_ACK
> > tcp 0 38 192.168.1.251:25 192.31.106.4:42569 LAST_ACK
> > tcp 0 0 192.168.1.251:25 35.8.112.203:26039
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 216.129.98.169:56463
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 65.174.244.32:42048
> > ESTABLISHED
> > tcp 1 0 192.168.1.251:25 192.165.213.23:43037
> > CLOSE_WAIT
> > tcp 0 0 192.168.1.251:25 66.163.187.181:48424
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 167.206.177.42:38112 TIME_WAIT
> > tcp 0 0 192.168.1.251:25 200.32.4.218:2100
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 82.200.143.174:42787
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 66.163.187.105:22020 TIME_WAIT
> > tcp 0 0 192.168.1.251:25 212.239.22.166:35284
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 66.128.149.224:43582
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 212.154.36.150:39136
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 66.94.237.46:41770
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 202.82.133.52:1493
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 209.151.253.44:43312
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 195.170.0.94:42501
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 203.152.41.3:39939
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 195.154.101.225:4048
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 166.102.88.225:55249
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 83.246.92.12:40406 TIME_WAIT
> > tcp 0 0 192.168.1.251:25 66.93.100.253:57355
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 212.248.10.18:59219
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 64.79.233.130:9960 TIME_WAIT
> > tcp 0 0 192.168.1.251:25 213.235.186.3:4641
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 200.57.129.17:52058
> > ESTABLISHED
> > tcp 0 37 192.168.1.251:25 156.144.250.104:44976
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 200.3.94.199:61480
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 211.8.120.200:58506
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 217.110.105.71:57933
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 205.200.75.32:58415
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 62.99.128.245:37989
> > ESTABLISHED
> > tcp 1 0 192.168.1.251:25 64.128.20.2:53530
> > CLOSE_WAIT
> > tcp 0 38 192.168.1.251:25 66.70.83.200:2669 LAST_ACK
> > tcp 0 0 192.168.1.251:25 207.59.16.242:31784
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 71.40.86.61:25035
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 66.201.52.30:2088
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 69.53.58.43:37423
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 66.163.187.181:48409
> > ESTABLISHED
> > tcp 1 0 192.168.1.251:25 217.23.163.109:32851
> > CLOSE_WAIT
> > tcp 0 0 192.168.1.251:25 63.243.45.164:53199
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 206.130.183.5:4212
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 210.54.6.67:1143 TIME_WAIT
> > tcp 0 0 192.168.1.251:25 80.168.60.155:17143
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 194.131.158.5:2271
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 66.94.237.26:40047
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 200.3.94.199:61604
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 82.200.143.174:42583 TIME_WAIT
> > tcp 0 0 192.168.1.251:25 208.178.137.76:40822
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 200.35.163.193:54462
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 202.155.50.29:35944
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 194.2.8.84:51842 TIME_WAIT
> > tcp 0 0 192.168.1.251:25 60.32.107.65:57110
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 128.2.141.33:62706
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 200.230.233.54:36262
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 80.126.170.243:50631
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 61.120.64.26:46908
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 133.15.115.8:62122
> > ESTABLISHED
> > tcp 0 38 192.168.1.251:25 65.54.246.231:15430 LAST_ACK
> > tcp 0 0 192.168.1.251:25 206.53.234.122:16124
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 65.54.246.204:30250
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 216.9.248.6:61295
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 212.20.64.138:57657 FIN_WAIT2
> > tcp 0 0 192.168.1.251:25 200.72.241.14:3308 TIME_WAIT
> > tcp 0 0 192.168.1.251:25 66.102.124.218:10084
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 134.74.16.1:50688
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 62.93.183.34:6162
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 192.149.244.24:3235
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 87.249.104.171:37840
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 68.93.19.200:31533
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 198.172.233.194:39020
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 208.49.131.13:2024
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 65.110.11.242:37567
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 206.190.53.185:20570
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 12.145.58.70:3258
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 58.185.40.130:58043
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 70.89.94.205:19235
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 62.154.206.42:46703
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 38.112.92.232:27114
> > ESTABLISHED
> > tcp 1 0 192.168.1.251:25 217.117.146.230:20013
> > CLOSE_WAIT
> > tcp 0 0 192.168.1.251:25 82.200.143.174:42437 FIN_WAIT2
> > tcp 0 0 192.168.1.251:25 69.38.87.36:56710
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 207.50.192.4:57253 TIME_WAIT
> > tcp 0 0 192.168.1.251:25 80.37.56.61:45042
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 196.34.17.203:1621
> > ESTABLISHED
> > tcp 0 0 192.168.1.251:25 62.119.65.179:9448
> > ESTABLISHED
> > tcp6 0 0 :::80 :::* LISTEN
> > tcp6 0 0 :::22 :::* LISTEN
> > tcp6 0 0 :::25 :::* LISTEN
> > tcp6 0 0 ::ffff:192.168.1.251:22 ::ffff:192.168.1.:36322
> > ESTABLISHED
> > tcp6 0 9088 ::ffff:192.168.1.251:22 ::ffff:192.168.1.:36324
> > ESTABLISHED
> >
> >
> > Does anyone have any experience with this type of DDoS attack?? Any
> > suggestions for fending it off?? Maia seems to be weathering the storm but
> > mail is queueing up.... Any and all advice would be welcome...
> >
> > Dave Sims
> > _______________________________________________
> > Maia- users mailing list
> > Maia- users at renaissoft.com
> > http://www.renaissoft.com/mailman/listinfo/maia- users
> >
>
>
_______________________________________________
Maia- users mailing list
Maia- users at renaissoft.com
http://www.renaissoft.com/mailman/listinfo/maia- users
More information about the Maia-users
mailing list