[CentOS] Email dictionary attacks and firewall

Wed Aug 16 10:49:17 UTC 2006
rado <rado at rivers-bend.com>

On Wed, 2006-08-16 at 05:49 -0400, John Hinton wrote:
> I keep seeing 'Joe Average compromised computer on broadband' being used 
> to do email dictionary attacks on our systems. Seems I always have 
> several domains going through these. One in particular has been in the 
> 'a-' list for weeks with about 20,000 attempts per day from various 
> systems. Yeah, I do have a system which blocks email from these systems 
> for a period of time after 3 bad email address attempts.... throttling...
> 
> Anyway, this brought to mind.... Joe Average! Joe Average buys a 
> broadband connection, has someone hook up his computer.. talks to tech 
> support about everything and eventually, an AV subscription dies or 
> something and Joe just doesn't care or doesn't know how to deal with 
> that. Meanwhile Joe's computer gets a virus allowing some baddy to start 
> sending email. Joe notices his computer is getting a little slow.. but 
> it's not bad enough to worry about.
> 
> So, this made me start wondering about how to do something that makes 
> Joe's computer so slow that he finally gives up and calls in tech 
> support to fix the damned thing.
> 
> I wonder if there is a way that a firewall rule could be written, that 
> would let a trickle of the connection from Joe through, so as his 
> dictionary attack gets backed up with a huge number of connections which 
> are trickling through at such a slow rate, with maybe just enough delay 
> built in to make it keep trying.... Basically making Joe's compromised 
> computer useless.. and maybe he'd at least turn it off if it didn't lock 
> up all by itself....
> 
> It is so very sad that some providers don't monitor their own people. I 
> see where comcast has now slid down to number 8 after holding the number 
> one spot as the biggest spammer network for a very long time. Good for 
> them! It seems the undisputed king of this world now is 
> verizonbusiness.com.... bad bad very bad....
> 
> Sorry.. yeah.. a bit off topic......
> 
> John Hinton
> _______________________________________________
Don't be sorry, John, I'm gettin pissed bout spam myself...I am thinking
about coming up w/a way to somehow forward the spam msg back to who ever
is relaying it 10 fold to get their attn! 

John Rose