[CentOS] Email dictionary attacks and firewall

John Hinton

webmaster at ew3d.com
Wed Aug 16 09:49:48 UTC 2006


I keep seeing 'Joe Average compromised computer on broadband' being used 
to do email dictionary attacks on our systems. Seems I always have 
several domains going through these. One in particular has been in the 
'a-' list for weeks with about 20,000 attempts per day from various 
systems. Yeah, I do have a system which blocks email from these systems 
for a period of time after 3 bad email address attempts.... throttling...

Anyway, this brought to mind.... Joe Average! Joe Average buys a 
broadband connection, has someone hook up his computer.. talks to tech 
support about everything and eventually, an AV subscription dies or 
something and Joe just doesn't care or doesn't know how to deal with 
that. Meanwhile Joe's computer gets a virus allowing some baddy to start 
sending email. Joe notices his computer is getting a little slow.. but 
it's not bad enough to worry about.

So, this made me start wondering about how to do something that makes 
Joe's computer so slow that he finally gives up and calls in tech 
support to fix the damned thing.

I wonder if there is a way that a firewall rule could be written, that 
would let a trickle of the connection from Joe through, so as his 
dictionary attack gets backed up with a huge number of connections which 
are trickling through at such a slow rate, with maybe just enough delay 
built in to make it keep trying.... Basically making Joe's compromised 
computer useless.. and maybe he'd at least turn it off if it didn't lock 
up all by itself....

It is so very sad that some providers don't monitor their own people. I 
see where Comcast has now slid down to number 8 after holding the number 
one spot as the biggest spammer network for a very long time. Good for 
them! It seems the undisputed king of this world now is 
verizonbusiness.com.... bad bad very bad....

Sorry.. yeah.. a bit off topic......

John Hinton
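
The throttle described in the message above (block a sending host for a period of time after 3 bad email address attempts), as an added example that is not part of the original post and is not the poster's own system. The Postfix-like log format, the 10-minute strike window and the 1-hour block length are assumptions; the post states only the threshold of 3.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_BAD = 3                          # from the post: 3 bad address attempts
WINDOW = timedelta(minutes=10)       # assumption: strikes must fall within this span
BLOCK_FOR = timedelta(hours=1)       # assumption: the post only says "a period of time"

# Constructed log lines in a Postfix-like format (the post names no MTA).
SAMPLE_LOG = """\
2006-08-16T09:00:01 reject: RCPT from unknown[203.0.113.7]: 550 User unknown; to=<aaron@example.com>
2006-08-16T09:00:02 reject: RCPT from unknown[203.0.113.7]: 550 User unknown; to=<abby@example.com>
2006-08-16T09:00:03 reject: RCPT from mail[198.51.100.4]: 550 User unknown; to=<jon@example.com>
2006-08-16T09:00:04 reject: RCPT from unknown[203.0.113.7]: 550 User unknown; to=<abel@example.com>
2006-08-16T09:05:00 reject: RCPT from unknown[203.0.113.7]: 550 User unknown; to=<abner@example.com>
2006-08-16T10:30:00 reject: RCPT from unknown[203.0.113.7]: 550 User unknown; to=<ada@example.com>
"""

LINE_RE = re.compile(r"^(\S+) reject: RCPT from \S*\[([0-9a-fA-F.:]+)\]: 550 ")

def find_blocks(log_text):
    """Return [(ip, block_start, block_end)] for hosts that hit MAX_BAD rejects."""
    strikes = defaultdict(deque)     # ip -> timestamps of recent rejects
    blocked_until = {}               # ip -> end of current block
    blocks = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                 # not a rejected-recipient line
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in blocked_until and ts < blocked_until[ip]:
            continue                 # already blocked; a live system would refuse the connection
        recent = strikes[ip]
        recent.append(ts)
        while ts - recent[0] > WINDOW:
            recent.popleft()         # forget strikes older than the window
        if len(recent) >= MAX_BAD:
            blocked_until[ip] = ts + BLOCK_FOR
            blocks.append((ip, ts, blocked_until[ip]))
            recent.clear()           # start counting afresh once the block expires
    return blocks

if __name__ == "__main__":
    for ip, start, end in find_blocks(SAMPLE_LOG):
        print(f"block {ip} from {start} until {end}")
```

Because each compromised host is counted separately, an attack spread across many broadband addresses, as the post describes, only trips the block for the hosts that individually reach three rejects inside the window.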


