
RE: [cobalt-users] Is this some kind of Denial Of Service Attack



> I have just noticed that someone was trying to relay mail through our
> server and the attempts were more than once from the same IP address.
> He was unable to relay anything through the server but he managed to
> generate a sendmail error as shown below.  My question: is this some
> type of DoS attack intended to break into the server or sendmail?
> 
> Oct 21 05:08:18 ns sendmail[5350]: g9L96wQ05350: SYSERR: putoutmsg 
> (node-c-8235.a2000.nl): error on output channel sending "550 5.7.1 
> <devp94g@xxxxxxxxxx>... Relaying denied.  Please check your 
> mail first.": 
> Broken pipe.
> 

That error will also be seen if you have a domain in your DNS pointed at
the server but not set up as a virtual site or an email alias and
someone tries to send mail to any address at that domain. In order to do
any DoS, you would need to be hit hundreds of times a minute at
least. I don't see how these attempts would break sendmail.
node-c-8235.a2000.nl has an open socks proxy according to
relays.osirusoft.com, which is why the error message isn't being
received.
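
Added example, not part of the original message: a Python script that counts "Relaying denied" events per remote host per minute in sendmail syslog lines, so the rate can be compared with the "hundreds of times a minute" figure mentioned above. The sample lines, host names, addresses and the threshold of 200 are constructed assumptions; the `ruleset=check_rcpt` line shape is the usual sendmail rejection log entry and does not appear in the thread.

```python
import re
from collections import Counter

# Timestamp truncated to the minute, e.g. "Oct 21 05:08"
STAMP = re.compile(r'^(\w{3}\s+\d+\s+\d\d:\d\d):\d\d\s+\S+\s+sendmail\[\d+\]:')
# Remote host from either a check_rcpt rejection or a putoutmsg SYSERR
HOST = re.compile(r'relay=(\S+)|putoutmsg \(([^)]+)\)')

def relay_denials_per_minute(lines):
    """Count 'Relaying denied' events keyed by (minute, remote host)."""
    counts = Counter()
    for line in lines:
        if 'Relaying denied' not in line:
            continue
        stamp = STAMP.match(line)
        host = HOST.search(line)
        if not stamp or not host:
            continue  # not a sendmail line in a shape we recognise
        name = (host.group(1) or host.group(2)).rstrip(',')
        counts[(stamp.group(1), name)] += 1
    return counts

def flag_floods(counts, threshold=200):
    """Return (minute, host) pairs at or above the assumed per-minute threshold."""
    return sorted(key for key, n in counts.items() if n >= threshold)

# Constructed sample: two isolated attempts, then 250 rejections in one minute.
ADDR = '<user@example.invalid>'
SAMPLE = [
    'Oct 21 05:08:18 ns sendmail[5350]: g9L96wQ05350: SYSERR: putoutmsg '
    f'(proxy.example.net): error on output channel sending "550 5.7.1 {ADDR}... '
    'Relaying denied.": Broken pipe',
    'Oct 21 05:09:02 ns sendmail[5361]: g9L97aQ05361: ruleset=check_rcpt, '
    f'arg1={ADDR}, relay=proxy.example.net [192.0.2.10], '
    f'reject=550 5.7.1 {ADDR}... Relaying denied',
] + [
    f'Oct 21 06:00:{s % 60:02d} ns sendmail[{6000 + s}]: g9LA00Q0{s:04d}: '
    f'ruleset=check_rcpt, arg1={ADDR}, relay=flood.example.org [198.51.100.7], '
    f'reject=550 5.7.1 {ADDR}... Relaying denied'
    for s in range(250)
]

if __name__ == '__main__':
    counts = relay_denials_per_minute(SAMPLE)
    for (minute, host), n in sorted(counts.items()):
        print(f'{minute}  {host:<22} {n}')
    print('over threshold:', flag_floods(counts))
```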