[nsp-sec] A mystery - Where did the spam go?
Joel Rosenblatt
joel at columbia.edu
Tue Feb 26 09:50:31 EST 2008
We have had to add extra capacity to handle these and we are running a modified SMTP server that rejects them as soon as we see that the to address is jrs54449
Our CS department had to turn over email processing to us because they could not handle the volume.
I figure that at least two of our servers are there just because of this nonsense.
Joel
--On Tuesday, February 26, 2008 8:23 AM -0330 "White, Gerard" <Gerard.White at aliant.ca> wrote:
>
> Depending on the "intensity" of these Joe-Jobs, they have been known to
> knock over SMTP platforms that can't tolerate the sudden infiltration of
> bounce messages towards them...
>
> GW
> 855 - Bell Aliant
>
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Borja Marcos
> Sent: Tuesday, February 26, 2008 7:43 AM
> To: Joel Rosenblatt
> Cc: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] A mystery - Where did the spam go?
>
> ----------- nsp-security Confidential --------
>
>
> On Feb 25, 2008, at 5:52 PM, Joel Rosenblatt wrote:
>
>> I may have mentioned this before, but we typically get between 2 and
>> 3 million bounce messages a day to jra54449 at cs.columbia.edu - an ID
>> that has never existed
>> at Columbia.
>>
>> Over the last 20 days, the number of messages went from 2 million+
>> down to 13,354 and then back up to 1.1 million.
>
> Something similar going on with spoofed "@ghsa.com" messages. We were
> receiving around 2.5 million bounces a day.
>
>
>
>
> Borja.
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
More information about the nsp-security
mailing list