[TriLUG] spam attack help?

Cristóbal Palmer cristobalpalmer at gmail.com
Wed Apr 2 13:44:14 EDT 2008


On Wed, Apr 2, 2008 at 10:45 AM, Cristóbal Palmer
<cristobalpalmer at gmail.com> wrote:
>  I'd appreciate feedback offlist and on.

So, to answer my own question: our biggest question/concern was really
the explosion in our logs. After analyzing our logs and realizing this
is very likely a botnet burst attack that we can't really do anything
about (other than weather it for the next day or so), we've reduced
several services from servicename.* to servicename.warn in
/etc/syslog.conf

I think this attack will allow me to convince my coworkers that
greylisting is a good idea in the medium-term, though. They have been
on the fence for quite some time. Unless somebody wants to donate a
barracuda appliance (or a box so we can build our own equivalent) to
ibiblio.... *nudge, wink* ...

Cheers,
-- 
Cristóbal M. Palmer
http://tinyurl.com/3apraw "They also abandoned other volumes, later,
while fleeing from the librarians."


More information about the TriLUG mailing list