[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PANIX.COM down: denial of service attack

To: M C Wong <[email protected]>
Subject: Re: PANIX.COM down: denial of service attack
From: "Perry E. Metzger" <[email protected]>
Date: Fri, 13 Sep 1996 00:21:50 -0400
cc: [email protected]
In-reply-to: Your message of "Fri, 13 Sep 1996 14:16:51 EST." <[email protected]>
Reply-To: [email protected]
Sender: [email protected]


M C Wong writes:
> > >            Can't access to this port be guarded against by a filtering
> > > 		 router which is configured to accept *only* a number of
> > > 		 trusted MX hosts ?
> 
> > Sure -- if you only want to accept mail from fifteen machines on
> > earth. If on the other hand your users might get mail from anywhere on
> > earth, your mail ports have to be open to connections from anywhere.
> 
> No, I am saying that we use MX field in DNS to specify our MX hosts, so
> other hosts from anywhere else will timeout connecting to the target smtp
> while trying to deliver mails directly to it, and hence will have to send 
> the message to next best MX host instead, and the firewall is configured 
> to permit access *only* from those MX hosts.
> 
> The problem here becomes how one can protect all those MX hosts instead.

You can't. All you are doing is moving the problem. I don't see how
that could be of any possible interest. The machines in question are
already the MX hosts for the zone.

Perry

References:
- Re: PANIX.COM down: denial of service attack
  - From: M C Wong <[email protected]>

Prev by Date: Re: Fed appellate judge remarks re anonymity, free speech on the net
Next by Date: Re: Nonsense, absolute nonsense... [Fwd: HipCrime and Spam]
Prev by thread: Re: PANIX.COM down: denial of service attack
Next by thread: Re: PANIX.COM down: denial of service attack
Index(es):
- Date
- Thread