Possible Denial of Service Attack?

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Possible Denial of Service Attack?

    BG: Hubby works for a small business owner who does some fairly high-profile work with the local law enforcement agencies. This businessman actually has two businesses, related but with different names, though it's no secret that the same guy owns both. The businessman has no real IT knowledge, and relies on a guy he calls only when there are problems with his systems. I've actually had to go down to my hubby's office to help people get their laptops connected to his network or locate the shared printer, because calling the guy would have meant waiting three days for him to come out. Last month the server for one business was hacked.

    About two weeks ago, the email server for the other business started returning messages saying the email was undeliverable because "Too many recipients received this hour". This is a small business that might normally expect a max of a hundred emails in a day total, and this is highly unusual for them (no one has had this problem in the past). It isn't a continuous problem, either; every few days there will be a major problem getting emails through. Hubby's getting really irritated at not being able to get emails to his boss, and no one in the office has a clue as to what's going on. I'm trying to help speed up the troubleshooting process so that when their IT guy gets in after the holidays, he'll at least have a heads-up as to what's going on.

    Any ideas what could be causing the failure notices? Is this a hardware or software issue, or, in light of the hacked server at the other business, is this a possible denial of service attack?
    Sorry, my cow died so I don't need your bull

  • #2
    I guess someone is using the mail server to send spam. If they are running the mail server themselves, the IT guy should have known better and locked it down against that.
    No trees were killed in the posting of this message.

    However, a large number of electrons were terribly inconvenienced.



  • #3
    Unfortunately, there's not enough information here to give an accurate diagnosis. I can think of a few possibilities, and one of them only tangentially involves the mail server.

    1: The mail server itself was hacked, and is now sending out spam. Some watchdog process (on that server or on the ISP) is blocking messages because of it.

    2: The mail server is being bombarded with spam messages (or other messages). It is going into a stupid form of self-defense where it refuses to receive more messages.

    3: The mail server was configured as an open relay, allowing anybody to send any message through it at any time. Depending on the system, the mistake that made it into an open relay could be a very subtle one.

    4: The sending mail server is doing one of the above items, and is actually the one that is returning the message to your husband.

    5: Either of these message server domains could be the victim of a joe job attack, where a spammer is using yet another mail server out there to send email messages claiming to be from one of those two servers. i.e.: The sender is at example1.com, the receiver is at example2.com, and the spammer is at spammer.com. The spammer is sending messages from spammer.com, but claiming to be sending from either example1.com or example2.com. This results in a massive number of "undeliverable message" notices to the domain being forged. The mail server receiving all those messages then reacts using some mechanism to determine it is unable to receive.

    Without looking at the logs of both the sending mail server and the receiving mail server, it is extremely difficult to tell what scenario is happening. It could even be something not listed here, since this is not a comprehensive list.

    I'm sorry, but you really need someone capable of sorting through this mess to look at those servers. I hope the normal IT guy is good enough to do so.

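The post above says the scenarios can only be told apart by reading the logs. The following added example (not code from anyone in this thread) shows what that triage looks like in practice: it walks a handful of constructed delivery-log lines in an assumed simplified format (`<timestamp> client=<ip> from=<sender> to=<recipient> status=<sent|bounced>`) and pulls out the three signals that separate the cases: outbound volume per hour from the local domain (a hacked box spamming, scenario 1), external clients relaying external-to-external mail (an open relay, scenario 3), and a flood of null-sender bounces addressed to local users (backscatter from a joe job, scenario 5). The domain and network values are assumptions for the example.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample log lines (not from any real server). Assumed format:
#   "<ISO timestamp> client=<ip> from=<sender> to=<recipient> status=<sent|bounced>"
# "from=<>" is the null sender that bounce messages use.
SAMPLE_LOG = """\
2024-01-02T09:05:11 client=192.168.1.20 from=alice@example1.com to=boss@example1.com status=sent
2024-01-02T09:07:40 client=192.168.1.21 from=bob@example1.com to=partner@example2.com status=sent
2024-01-02T10:01:02 client=203.0.113.5 from=promo@spammer.com to=victim1@example.net status=sent
2024-01-02T10:01:03 client=203.0.113.5 from=promo@spammer.com to=victim2@example.net status=sent
2024-01-02T10:01:04 client=203.0.113.5 from=promo@spammer.com to=victim3@example.net status=sent
2024-01-02T10:02:15 client=198.51.100.9 from=<> to=alice@example1.com status=sent
2024-01-02T10:02:16 client=198.51.100.10 from=<> to=bob@example1.com status=sent
2024-01-02T10:02:17 client=198.51.100.11 from=<> to=carol@example1.com status=sent
2024-01-02T10:30:00 client=192.168.1.20 from=alice@example1.com to=boss@example1.com status=bounced
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) from=(?P<from>\S+) to=(?P<to>\S+) status=(?P<status>\S+)$"
)


def parse_log(text):
    """Turn matching lines into dicts; lines that do not fit the assumed format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        rec["from"] = rec["from"].strip("<>")  # null sender "<>" becomes ""
        records.append(rec)
    return records


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def in_local_nets(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def triage(text, local_domain, local_nets):
    """Summarise the indicators that distinguish the scenarios discussed in the thread."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    outbound_per_hour = Counter()  # scenario 1: our own domain sending unusual volume
    relayed = 0                    # scenario 3: outsider relaying outsider-to-outsider mail
    backscatter = 0                # scenario 5: bounces for mail we never sent
    local_bounces = 0              # mail from our users that was rejected (the symptom reported)
    for r in parse_log(text):
        client_local = in_local_nets(r["client"], nets)
        from_local = domain_of(r["from"]) == local_domain
        to_local = domain_of(r["to"]) == local_domain
        if from_local and not to_local:
            outbound_per_hour[r["ts"].strftime("%Y-%m-%d %H:00")] += 1
        if not client_local and not from_local and not to_local:
            relayed += 1
        if r["from"] == "" and to_local and not client_local:
            backscatter += 1
        if from_local and r["status"] == "bounced":
            local_bounces += 1
    return {
        "outbound_per_hour": dict(outbound_per_hour),
        "relayed": relayed,
        "backscatter": backscatter,
        "local_bounces": local_bounces,
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG, "example1.com", ["192.168.1.0/24"]).items():
        print(f"{k}: {v}")
```

Run against the constructed sample, the relay and backscatter counters both light up while outbound volume stays tiny, which is the pattern that points at the relay or joe-job explanations rather than a compromised sender. On a real server the parser would be replaced with one for the MTA's actual log format and the counts compared against the server's own "recipients per hour" limit.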


  • #4
    I really appreciate the information you guys have given me. I'm hoping that the boss' IT guy is up to speed enough to take care of this. I know just enough to know I have no clue how to stop any of the things that you guys identified.

    The good thing is that hubby can now give this information to the boss so the boss knows how complicated (and probably expensive) the troubleshooting process might be.

    Thanks!
    Sorry, my cow died so I don't need your bull



  • #5
    Quoth Pedersen:
    > 3: The mail server was configured as an open relay, allowing anybody to send any message through it at any time. Depending on the system, the mistake that made it into an open relay could be a very subtle one.
    This would be the first thing I'd look for.

    I know my office had problems with this more than once.

    The best was when we realized that every update to our inhouse email server would re-open the relay. Fscking brilliant. That's at least part of why we outsource our email service these days.

    ^-.-^
    Faith is about what you do. It's about aspiring to be better and nobler and kinder than you are. It's about making sacrifices for the good of others. - Dresden

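Both posters above point at an open relay as the first thing to check, and note that the mistake can be subtle and can be reintroduced by an update. As an added example (not anything from this thread or from the Postfix project), here is a small checker for a Postfix `main.cf` that catches the two subtle forms of the mistake: a `mynetworks` that trusts the whole internet, so `permit_mynetworks` relays for anyone, and a restriction list that reaches a bare `permit` before `reject_unauth_destination`. The parameter names (`mynetworks`, `smtpd_relay_restrictions`, `smtpd_recipient_restrictions`, `reject_unauth_destination`, `permit_mynetworks`, `permit_sasl_authenticated`) are real Postfix settings; the two configuration fragments are constructed for the example.

```python
import re

# Constructed main.cf fragments (assumed examples, not copied from any real server).
# The weak one has a correct restriction list but trusts 0.0.0.0/0 as "my network",
# which is exactly the kind of subtle mistake that quietly opens a relay.
WEAK_MAIN_CF = """\
myhostname = mail.example1.com
mynetworks = 0.0.0.0/0
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination
"""

HARDENED_MAIN_CF = """\
myhostname = mail.example1.com
mynetworks = 127.0.0.0/8, [::1]/128, 192.168.1.0/24
smtpd_relay_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
"""

UNAUTH_STOPS = ("reject_unauth_destination", "defer_unauth_destination")


def parse_main_cf(text):
    """Parse 'key = value' lines; a line starting with whitespace continues the previous value."""
    params = {}
    key = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and key is not None:
            params[key] += " " + raw.strip()
            continue
        k, _, v = raw.partition("=")
        key = k.strip()
        params[key] = v.strip()
    return params


def tokens(value):
    """Split a Postfix list value on commas and whitespace."""
    return [t for t in re.split(r"[\s,]+", value) if t]


def relay_findings(text):
    """Return human-readable findings; an empty list means no relay problem was detected."""
    p = parse_main_cf(text)
    findings = []
    nets = tokens(p.get("mynetworks", ""))
    if any(n in ("0.0.0.0/0", "[::]/0", "::/0") for n in nets):
        findings.append("mynetworks trusts the whole internet; permit_mynetworks then relays for anyone")
    seen_list = False
    for name in ("smtpd_relay_restrictions", "smtpd_recipient_restrictions"):
        if name not in p:
            continue
        seen_list = True
        toks = tokens(p[name])
        stops = [i for i, t in enumerate(toks) if t in UNAUTH_STOPS]
        if not stops:
            findings.append(f"{name} never rejects unauthorized destinations")
            continue
        # A bare "permit" ends evaluation, so anything after it is never reached.
        if "permit" in toks[: stops[0]]:
            findings.append(f"{name} reaches a bare 'permit' before {toks[stops[0]]}")
    if not seen_list:
        findings.append("no explicit relay restrictions; check the effective value with 'postconf smtpd_relay_restrictions'")
    return findings


if __name__ == "__main__":
    for label, cf in (("weak", WEAK_MAIN_CF), ("hardened", HARDENED_MAIN_CF)):
        print(label, relay_findings(cf) or ["no relay findings"])
```

Because the "no explicit restrictions" case only reports that the compiled-in default is in effect rather than calling it open, the check is safe to run after every package update, which is the failure mode the post describes; if the update rewrote the file, the findings list changes and someone gets told.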