Dealing with SMTP invalid command attack
Posted
by
mark
on Server Fault
See other posts from Server Fault
or by mark
Published on 2012-09-03T16:47:06Z
Indexed on
2012/09/03
21:39 UTC
Read the original article
Hit count: 228
One of our semi-busy mail servers (sendmail) has had a lot of inbound connections over the past few days from hosts that are issuing garbage commands.
In the past two days:
- incoming smtp connections with invalid commands from 39,000 unique IPs
- the IPs come from various ranges all over the world, not just a few networks that I can block
- the mail server serves users throughout north america, so I can't just block connections from unknown IPs
- sample bad commands: http://pastebin.com/4QUsaTXT
I am not sure what someone is trying to accomplish with this attack, besides annoy me.
any ideas what this is about, or how to effectively deal with it?
© Server Fault or respective owner