I keep seeing 'Joe Average compromised computer on broadband' being used
to do email dictionary attacks on our systems. Seems I always have
several domains going through these. One in particular has been in the
'a-' list for weeks with about 20,000 attempts per day from various
systems. Yeah, I do have a system which blocks email from these systems
for a period of time after 3 bad email address attempts.... throttling...

Anyway, this brought to mind.... Joe Average! Joe Average buys a
broadband connection, has someone hook up his computer.. talks to tech
support about everything and eventually, an AV subscription dies or
something and Joe just doesn't care or doesn't know how to deal with
that. Meanwhile Joe's computer gets a virus allowing some baddy to start
sending email. Joe notices his computer is getting a little slow.. but
it's not bad enough to worry about.

So, this made me start wondering about how to do something that makes
Joe's computer so slow that he finally gives up and calls in tech
support to fix the damned thing.

I wonder if there is a way that a firewall rule could be written, that
would let a trickle of the connection from Joe through, so that his
dictionary attack gets backed up with a huge number of connections which
are trickling through at such a slow rate, with maybe just enough delay
built in to make it keep trying.... Basically making Joe's compromised
computer useless.. and maybe he'd at least turn it off if it didn't lock
up all by itself....

It is so very sad that some providers don't monitor their own people. I
see where Comcast has now slid down to number 8 after holding the number
one spot as the biggest spammer network for a very long time. Good for
them! It seems the undisputed king of this world now is
verizonbusiness.com.... bad bad very bad....

Sorry.. yeah.. a bit off topic......

John Hinton
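The "block for a period of time after 3 bad email address attempts" policy mentioned in the post can be replayed over a mail log as below. This is an added example, not the poster's system: the Postfix-style log format, the 30-minute block length, and the names `blocks_from_log`, `sample_line` and `SAMPLE_LOG` are assumptions, and the log lines are constructed.

```python
import re
from datetime import datetime, timedelta

MAX_BAD = 3                        # bad-address attempts before a block (from the post)
BLOCK_FOR = timedelta(minutes=30)  # assumption: the post only says "a period of time"

# Assumed Postfix-style reject line with an ISO timestamp prefix.
REJECT = re.compile(r"^(\S+) .*reject: RCPT from \S*?\[([0-9A-Fa-f.:]+)\]: 550 5\.1\.1 ")

def sample_line(ts, ip, rcpt):
    """Build one constructed log line (not real traffic)."""
    return (f"{ts} mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[{ip}]: "
            f"550 5.1.1 <{rcpt}@example.com>: Recipient address rejected: User unknown")

# Constructed sample: one dictionary-attack source and one sender with a single typo.
SAMPLE_LOG = "\n".join([
    sample_line("2024-01-01T10:00:00", "203.0.113.7", "aaron"),
    "2024-01-01T10:00:01 mx postfix/smtpd[101]: connect from unknown[203.0.113.7]",
    sample_line("2024-01-01T10:00:02", "203.0.113.7", "abby"),
    sample_line("2024-01-01T10:00:04", "203.0.113.7", "abe"),    # third strike
    sample_line("2024-01-01T10:01:00", "198.51.100.9", "jhon"),  # lone typo, no block
    sample_line("2024-01-01T10:05:00", "203.0.113.7", "abel"),   # inside the block window
    sample_line("2024-01-01T10:40:00", "203.0.113.7", "adam"),   # block expired, count restarts
    sample_line("2024-01-01T10:40:01", "203.0.113.7", "adele"),
    sample_line("2024-01-01T10:40:02", "203.0.113.7", "adrian"),
])

def blocks_from_log(text):
    """Return [(ip, blocked_from, blocked_until)] in the order blocks are triggered."""
    bad, until, blocks = {}, {}, []   # per-IP strike count, per-IP block expiry, result
    for line in text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue                  # not an unknown-recipient reject
        when, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in until and when < until[ip]:
            continue                  # source is already blocked at this time
        bad[ip] = bad.get(ip, 0) + 1
        if bad[ip] >= MAX_BAD:
            until[ip] = when + BLOCK_FOR
            blocks.append((ip, when, until[ip]))
            bad[ip] = 0               # start counting afresh once the block lapses
    return blocks

if __name__ == "__main__":
    for ip, start, end in blocks_from_log(SAMPLE_LOG):
        print(f"{ip} blocked {start} -> {end}")
```

Strike counts here never age out without a block; a production policy would normally expire old strikes so that occasional typos from a legitimate sender do not accumulate.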