Preventing Email Attacks


© Mayur Kamat

Protecting Against E-mail Attacks

It is very important that you are able to detect e-mail bombing or spamming as soon as possible. One of the signs your system will show when under attack is sluggishness. If e-mail is slow, or is not being sent or received, it could be that your mail server is either trying to process a large number of messages or has already suffered a denial-of-service, as mentioned above.

If you are experiencing such a condition on your server, I recommend you do the following:

  • Identify the source of the e-mail by checking the headers, and immediately reconfigure your firewall (or router) to block incoming packets from that address. Be careful before assuming that the author of the attack is the person shown in the header of the message, as many times the name appearing there is just an alias, in an attempt to hide the true identity.
  • If your e-mail service is through an Internet Service Provider (ISP), let them know about the bombing or spamming incident so that they can reconfigure their router or firewall, to prevent messages coming from the address of origin.
  • Contact the Computer Emergency Response Team (CERT) at cert@cert.org about the attack so that they can track the incidents. The CERT Coordination Center charter is to work with the Internet community to facilitate its response to computer security events involving Internet hosts, to take proactive steps to raise the community's awareness of computer security issues, and to conduct research targeted at improving the security of existing systems.

There is no way to block e-mail bombing and spamming. However, there are a few things you can do to protect yourself and decrease the likelihood of a bombing or spamming attack. One, you should keep your e-mail software up to date at all times. Two, make sure you maintain the updates, patches, and bug fixes that are released by your e-mail developer. The third thing is a little more technical. You could develop a tool that would check for and alert you to incoming messages that originate from the same user or same site in a short span of time. You then could block these connections at the router level.
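One way to build the alerting tool described above, as an added example that is not code from the original article: a sliding-window counter that flags any sender or site exceeding a message threshold. The record format (ISO timestamp, then sender address), the 60-second window, the threshold of 5 and the sample records are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed meaning of "a short span of time"
THRESHOLD = 5                   # assumed maximum messages per key per window

def parse(line):
    """Return (timestamp, sender) or None for a malformed record."""
    parts = line.split()
    if len(parts) != 2 or "@" not in parts[1]:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1].lower()
    except ValueError:
        return None

def find_floods(lines, window=WINDOW, threshold=THRESHOLD):
    """Map each sender or "@site" that exceeded the threshold to its peak
    message count within one window. Records must be in time order."""
    recent = defaultdict(deque)  # key -> timestamps still inside the window
    peaks = {}
    for ts, sender in filter(None, map(parse, lines)):
        site = "@" + sender.rsplit("@", 1)[1]
        for key in (sender, site):  # count per user and per site
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:  # drop timestamps that aged out
                q.popleft()
            if len(q) > threshold:
                peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def sample_log():
    """Constructed records, not real traffic: one flood plus normal mail."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    def rec(delta, who):
        return f"{(base + delta).isoformat()} {who}"
    lines = [rec(timedelta(seconds=5 * i), "madman@crooks.com") for i in range(8)]
    lines += [rec(timedelta(seconds=2 + 5 * i), "sidekick@crooks.com") for i in range(2)]
    lines += [rec(timedelta(minutes=10 * i), "alice@example.org") for i in range(3)]
    lines.append("corrupted record without timestamp")
    return sorted(lines)  # ISO timestamps sort chronologically as text

if __name__ == "__main__":
    for key, peak in find_floods(sample_log()).items():
        print(f"ALERT {key}: {peak} messages within {WINDOW.seconds}s")
```

Because the sender address can be an alias, the same counter can be keyed on the connecting host instead when the mail log records it.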

For example, once you identify where these messages are coming from, such as the site's domain (madman@crooks.com, for example), you can go to your firewall and block, or deny, any messages coming from that site. You can even redirect them to a wastebasket directory where they will be periodically deleted. You will probably



The copyright of the article Preventing Email Attacks in Internet Security is owned by . Permission to republish Preventing Email Attacks in print or online must be granted by the author in writing.
