From owner-freebsd-isp Thu Jun 29 13:32:42 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from troi.csw.net (troi.csw.net [209.136.192.23])
	by hub.freebsd.org (Postfix) with ESMTP id A417037B6CC
	for ; Thu, 29 Jun 2000 13:32:15 -0700 (PDT)
	(envelope-from lambert@cswnet.com)
Received: from ssaos2 (ssaos2.csw.net [209.136.201.13])
	by troi.csw.net (8.9.3/8.9.3) with SMTP id PAA32069
	for ; Thu, 29 Jun 2000 15:32:08 -0500 (CDT)
	(envelope-from lambert@cswnet.com)
Message-Id: <200006292032.PAA32069@troi.csw.net>
From: lambert@cswnet.com
Date: Thu, 29 Jun 2000 15:26:31 -0400
To: freebsd-isp@freebsd.org
Subject: Un-authorized ETRNs
X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v2.10a c10
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I couldn't decide if this belonged on -ISP or -SECURITY. Please tell me if my guess was incorrect.

I have seen a lot of ETRN requests from unauthorized domains lately. Is this some form of attack to try to slow my mail servers down?

Over the last 2 weeks, sendmail has been throttling several times per day. This has happened mostly during normal business hours, which are not historically busy times for us. Perhaps the summer has changed my user access patterns more than I realize or somebody is somehow DoSing me. The second option seems more realistic to me.

Am I overly paranoid and just need to build a new box, or should I be accelerating my efforts toward building a firewall for my server farm?

--
Scott Lambert
lambert@cswnet.com
Systems and Security Administrator
CSW Net, Inc.
================================================================
Written: Thursday, June 29, 2000 - 03:26 PM