[Remops] neverending flood

Philippe Gauthier philippe.gauthier at deuxpi.ca
Tue Oct 9 23:46:56 BST 2007


> > No analysis of the flood was done? It seems to me
> >  a mixmaster-only middle-only flood that nilsimsa is unable to
> >  intercept.
> 
> I use syslog-ng and enabled some filtered logging to try and identify a
> source.  Whilst it's impossible to say with any certainty that a given
> address is the cause, there were some very strong pointers to a specific
> DHCP managed sub-domain.
> 
> I'd be interested to hear if any other remops have taken steps to
> identify or block the source.  It's always a sensitive topic to discuss
> after the very public attempts by Frog-Admin to identify a flooder back
> in February 2000 but IMO there's reasonable justification for trying to
> prevent the ingress of thousands of messages from a single source,
> providing it can be done without a trumpet fanfare and a public naming
> of the suspected instigator.

I don't have too much time to think about how to make good tools (i.e.
privacy friendly and reliable) to analyze the source of the flood, but
if anyone has suggestions I would be glad to help. It looks like the
deuxpi remailer would be a good candidate for this work (over 100,000
messages per day for a few days!)

I also tried to filter the Postfix "anvil" log, but it just points to
other remailer IP addresses.

-- 
Philippe Gauthier <philippe.gauthier at deuxpi.ca>
Deuxpi Admin
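
An added example, not part of the original post or of any remailer's tooling: one privacy-conscious way to check whether inbound connections are concentrated in a single network, by counting Postfix smtpd "connect from" lines per keyed hash of the enclosing /24 (or /48) prefix, so the report never contains an address and a DHCP pool still aggregates into one bucket. The function names, prefix lengths, threshold and sample log are assumptions constructed for illustration; it measures connections only, so traffic relayed through other remailers shows up under their prefixes.

```python
import hashlib
import hmac
import ipaddress
import re
import secrets
from collections import Counter

# Postfix smtpd connection line: "... postfix/smtpd[PID]: connect from host[ADDR]"
CONNECT_RE = re.compile(r"postfix/smtpd\[\d+\]: connect from \S*\[([0-9a-fA-F.:]+)\]")


def pseudonym(addr, key, v4_prefix=24, v6_prefix=48):
    """Map an address to a keyed hash of its enclosing network prefix."""
    ip = ipaddress.ip_address(addr)
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return hmac.new(key, str(net).encode(), hashlib.sha256).hexdigest()[:12]


def flood_summary(lines, threshold, key=None):
    """Return {pseudonym: count} for prefixes with at least `threshold` connections."""
    key = key or secrets.token_bytes(32)  # per-run key, never written to disk
    counts = Counter()
    for line in lines:
        m = CONNECT_RE.search(line)
        if not m:
            continue  # disconnects, anvil statistics and other lines are ignored
        try:
            counts[pseudonym(m.group(1), key)] += 1
        except ValueError:
            continue  # bracketed token was not an IP address
    return {p: n for p, n in counts.items() if n >= threshold}


# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = (
    [f"Oct  9 23:40:{i:02d} mx postfix/smtpd[4021]: connect from unknown[198.51.100.{10 + i}]"
     for i in range(40)]  # 40 connections from changing addresses in one /24
    + ["Oct  9 23:41:00 mx postfix/smtpd[4022]: connect from remailer.example[192.0.2.7]",
       "Oct  9 23:41:02 mx postfix/smtpd[4022]: connect from remailer.example[192.0.2.7]",
       "Oct  9 23:41:05 mx postfix/smtpd[4023]: connect from other.example[203.0.113.9]",
       "Oct  9 23:41:06 mx postfix/smtpd[4023]: disconnect from other.example[203.0.113.9]"]
)

if __name__ == "__main__":
    for p, n in flood_summary(SAMPLE_LOG, threshold=20).items():
        print(f"prefix {p}: {n} connections")
```

Because the key is random per run, pseudonyms cannot be compared across runs or matched against an address list afterwards; only the counts survive.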
