nanog mailing list archives

RE: POP3 DoS attacks and mailanyone.net?

From: Winn Johnston <WJohnston () induscorp com>
Date: Tue, 1 Sep 2009 15:58:42 -0400

Issues with gmail.com 

here in DC

Winn Johnston
________________________________________
From: up () 3 am [up () 3 am]
Sent: Tuesday, September 01, 2009 3:28 PM
To: nanog () nanog org
Subject: POP3 DoS attacks and mailanyone.net?

For the first time since I can remember, my POP3 server was effectively
shut down by too many simultaneous connections today.  The first fix I
tried was to raise the number of connections from the default 40 to 100,
but the problem soon returned.

I finally ipfw'd off the offending IP (98.190.204.2 for anyone
interested), then went to look for other possible offenders in the log.  I
noticed several thousand connections today to a few dozen former users
from 4 IPs from 208.70.128.0/21.  One of the users was actually
legitimate.

These IPs belong to mailanyone.net.  The tech contact in their ARIN record
is listed as:

OrgTechHandle: BHE57-ARIN
OrgTechName:   Heitman, Bryan
OrgTechPhone:  +1-816-587-4700
OrgTechEmail:  hostmaster () mailanyone net

However, that phone number goes to a UPS store that has no idea what I'm
talking about.  I then dialed their suppseod NOC number:

Comment:    FuseMail, LLC Network Operations Center contact
Comment:    877.888.3873 x3

I am on hold with that number right now with some very loud and annoying
music.

Can anyone offer any insight as to these people and how/who to deal with
there?

Would a provider be amiss to just block their entire /21?

TIA,

James Smallacombe                     PlantageNet, Inc. CEO and Janitor
up () 3 am                                                     http://3.am
=========================================================================

______________________________________________________________________
This inbound email was scanned by MessageLabs
_____________________________________________________________________

______________________________________________________________________
This email was scanned by MessageLabs
_____________________________________________________________________

Current thread:

POP3 DoS attacks and mailanyone.net? up (Sep 01)
- RE: POP3 DoS attacks and mailanyone.net? Winn Johnston (Sep 01)
  - Re: POP3 DoS attacks and mailanyone.net? Andrew Fried (Sep 01)