LogSat Software

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   To whom it may concern,
In the last few days, we've been bombarded by what I believed a denial-attack or mass e-mailing campaing. I looked at the number of connections, and it showed over 16000 or (1600) threads from a single IP address.  It slowed our internet connect almost down to a crawl and populating the logs at an alarming rate.  I've block the the IP address from where it came from.  Why isn't that the SpamFilter dropping the connections on it's own?  I had to stop the Spamfilter service manually in order to stop the connects.  Or is it not configured properly on my part?  Thanks.  Also below is just a small sample of the log.

10/22/04 17:48:43:265 -- (1596) - SPF analysis done: - fail
10/22/04 17:48:43:265 -- (1596) - SPF analysis done: - fail
10/22/04 17:48:43:328 -- (1596) - SPF record found. analyzing: - v=spf1 mx ip4:66.28.139.0/24 ip4:66.98.160.93 ip4:66.98.248.20 ip4:207.246.86.0/25 ip4:208.239.240.102 ip4:208.239.240.73 include:newsletterinc.com include:squabblers.com include:newsletterplanet.com include:nichenewsletters.com -all
10/22/04 17:48:43:437 -- (1596) - SPF record found. analyzing: - v=spf1 mx ip4:66.28.139.0/24 ip4:66.98.160.93 ip4:66.98.248.20 ip4:207.246.86.0/25 ip4:208.239.240.102 ip4:208.239.240.73 include:newsletterinc.com include:squabblers.com include:newsletterplanet.com include:nichenewsletters.com -all
10/22/04 17:48:43:484 -- (1596) - SPF analysis done: - fail
10/22/04 17:48:43:531 -- (1596) - SPF record found. analyzing: - v=spf1 mx ip4:66.28.139.0/24 ip4:66.98.160.93 ip4:66.98.248.20 ip4:207.246.86.0/25 ip4:208.239.240.102 ip4:208.239.240.73 include:newsletterinc.com include:squabblers.com include:newsletterplanet.com include:nichenewsletters.com -all

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
Fastrails Members Profile Send Private Message Find Members Posts Add to Buddy List Guest Group	Post Options Post Reply Quote Fastrails Thanks(0) Quote Reply Topic: Denial Attack Posted: 22 October 2004 at 9:24pm
	To whom it may concern, In the last few days, we've been bombarded by what I believed a denial-attack or mass e-mailing campaing. I looked at the number of connections, and it showed over 16000 or (1600) threads from a single IP address. It slowed our internet connect almost down to a crawl and populating the logs at an alarming rate. I've block the the IP address from where it came from. Why isn't that the SpamFilter dropping the connections on it's own? I had to stop the Spamfilter service manually in order to stop the connects. Or is it not configured properly on my part? Thanks. Also below is just a small sample of the log. 10/22/04 17:48:43:265 -- (1596) - SPF analysis done: - fail 10/22/04 17:48:43:265 -- (1596) - SPF analysis done: - fail 10/22/04 17:48:43:328 -- (1596) - SPF record found. analyzing: - v=spf1 mx ip4:66.28.139.0/24 ip4:66.98.160.93 ip4:66.98.248.20 ip4:207.246.86.0/25 ip4:208.239.240.102 ip4:208.239.240.73 include:newsletterinc.com include:squabblers.com include:newsletterplanet.com include:nichenewsletters.com -all 10/22/04 17:48:43:437 -- (1596) - SPF record found. analyzing: - v=spf1 mx ip4:66.28.139.0/24 ip4:66.98.160.93 ip4:66.98.248.20 ip4:207.246.86.0/25 ip4:208.239.240.102 ip4:208.239.240.73 include:newsletterinc.com include:squabblers.com include:newsletterplanet.com include:nichenewsletters.com -all 10/22/04 17:48:43:484 -- (1596) - SPF analysis done: - fail 10/22/04 17:48:43:531 -- (1596) - SPF record found. analyzing: - v=spf1 mx ip4:66.28.139.0/24 ip4:66.98.160.93 ip4:66.98.248.20 ip4:207.246.86.0/25 ip4:208.239.240.102 ip4:208.239.240.73 include:newsletterinc.com include:squabblers.com include:newsletterplanet.com include:nichenewsletters.com -all

Desperado Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 27 January 2005 Location: United States Status: Offline Points: 1143	Post Options Post Reply Quote Desperado Report Post Thanks(0) Quote Reply Posted: 23 October 2004 at 11:20am
	Can you post what version of SpamFilter you are usinging? Dan S.

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 25 October 2004 at 12:55am
	Vinh, As Dan S. already asked, I'll have to do the same. We'll need to know what version of SpamFilter you're using to see if you are experiencing the effects of a bug fixed by the follwowing build: // New to VersionNumber = '2.1.1.372'; {TODO -cFix : SPF - fixed issue with logfile becoming huge due to loops in SPF include directive} Roberto F. LogSat Software

Fastrails Members Profile Send Private Message Find Members Posts Add to Buddy List Guest Group	Post Options Post Reply Quote Fastrails Thanks(0) Quote Reply Posted: 25 October 2004 at 1:00am
	Hey Dan/Robert, I've been meaning to get back to you guys. I am currently testing version 2.1.1.367. Is version 2.1.1.372 available for download? Thanks. V

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 26 October 2004 at 11:17pm
	Vinh, For registered users, the latest build available is 2.1.1.385. The latest free version is 2.1.1.367. Roberto F. LogSat Software

LogSat Software

Site Navigation[Skip]

Spam Filter ISP Support Forum

Denial Attack