[Remops] neverending flood
Bananasplit Admin
admin at bananasplit.info
Mon Oct 8 10:56:35 BST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Mon, Oct 08, 2007 at 06:53:25AM +0200, Marco A. Calamari wrote:
> After more than one month, the flood doesn't appear to
> stop; there are changes to the set of flooded remailer
> and the more a remailer in performing, the more is flooded.
Yes, it seems the originator is using a high MINREL when forming his
remailer chains.
> No analisys of the flood was done ? It seems to me
> a mixmaster-only middle-only flood that nilsimsa is unable to
> intercept.
I use syslog-ng and enabled some filtered logging to try and identify a
source. Whilst it's impossible to say with any certainty that a given
address is the cause, there were some very strong pointers to a specific
DHCP managed sub-domain.
I'd be interested to hear if any other remops have taken steps to
identify or block the source. It's always a sensitive topic to discuss
after the very public attempts by Frog-Admin to identify a flooder back
in February 2000 but IMO there's reasonable justification for trying to
prevent the ingress of thousands of messages from a single source,
providing it can be done without a trumpet fanfare and a public naming
of the suspected instigator.
- --
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHCf7TlKZ6CY7Vd0MRCgdpAKCxSnwDE/2n9nWL6kThEa8OqtQiZQCguO1A
RdZoGKcD3EHUpf2x7PlX6e8=
=t0hd
-----END PGP SIGNATURE-----
More information about the Remops
mailing list