[nsp-sec] Bounce message backscatter attack against abuse mailbox
Larry J. Blunk
ljb at merit.edu
Thu Apr 24 10:20:42 EDT 2008
We had this happen a couple nights ago with one
of our addresses (not abuse). Not clear if this was
just to send spam from a legitimate looking address
or some sort of attack. I ended up setting up an SPF
record for the domain (but this was after the bounces
had ended). Anyone know if SPF records will help
prevent this?
-Larry Blunk
Merit
Mike Hughes wrote:
> ----------- nsp-security Confidential --------
>
> Folks,
>
> Just FYI more than anything, we're seeing the second bounce message
> backscatter attack targeted at our abuse@ mailbox in 12 hours.
>
> Someone sending what looks like old spams out with a From: line of our
> abuse role account, evidently intended to joe-job or cause nuisance to
> people monitoring that here.
>
> Not massive in terms of rate, about 20 per minute, but it will probably get
> annoying if these keep coming in for more than about 5-10 mins. We already
> correctly recognise them as bounces and don't open cases for them anyway.
>
> Wondered if anyone else is seeing an increase in rate of this sort of thing?
>
> Mike
>
More information about the nsp-security
mailing list