[nsp-sec] Bounce message backscatter attack against abuse mailbox
Guilherme Venere
venere at cais.rnp.br
Fri Apr 25 13:38:14 EDT 2008
Hello,
We also had a large increase in spam received in one of our services
support mailbox a couple days ago, and another one around 15 days ago
against a different address. Both stopped 24 hours after starting.
The difference between both attacks is that the first e-mail is publicly
available, while the second were not (i.e. it was an alternate e-mail
address for a user, not used in a long time, and never displayed in any
webpage nor used to send e-mail outside our company).
Cheers,
Guilherme
CAIS/RNP AS1916
On Thu, 24 Apr 2008, Mike Hughes wrote:
> ----------- nsp-security Confidential --------
>
> Folks,
>
> Just FYI more than anything, we're seeing the second bounce message
> backscatter attack targeted at our abuse@ mailbox in 12 hours.
>
> Someone sending what looks like old spams out with a From: line of our
> abuse role account, evidently intended to joe-job or cause nuisance to
> people monitoring that here.
>
> Not massive in terms of rate, about 20 per minute, but it will probably get
> annoying if these keep coming in for more than about 5-10 mins. We already
> correctly recognise them as bounces and don't open cases for them anyway.
>
> Wondered if anyone else is seeing an increase in rate of this sort of thing?
>
> Mike
> --
> Mike Hughes Chief Technical Officer London Internet Exchange
> mike at linx.net http://www.linx.net/
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
>
More information about the nsp-security
mailing list