August 17, 2007Attack of the Clowns
On a typical day in the neighborhood, my dannyg.com email server suffers between 50 and 200 attempts to relay spam or malware. All of those attempts are blocked, of course, and in the grand scheme of things, that volume isn't such a big deal. But my eyes popped out of their sockets today when I saw that the volume increased to over 23,000 for yesterday.
I dug into the logs to see what was happening. In this case, there were 23,454 attempts to relay, all originating from the same IP address, spaced over a 2.5 hour period. That comes to an average of 2.6 attempts per second, not exactly a Denial-of-Service attack.
The IP address is owned by Deutsche Telekom, and more specifically, T-Systems Business Services (whose logo looks like that of T-Mobile). I've asked for an explanation, but I doubt I'll get it.
It's obvious that the attempts were made through an automated bot of some type—a really stupid bot that won't take "No!" for an answer. 23,453 times.Posted on August 17, 2007 at 07:59 AM