Monday, August 3, 2009

Mail Bomb

Problem:

Unauthorized users can send large numbers of large email messages to and through your email server, often filling up disk space on your mail system and denying email services to other users.

These attacks usually involve the unauthorized user(s) sending thousands of large binary attachments to one or more valid users on your server (or spooling them through your server in an attack against someone else, using your server to hide their tracks).

Once the disk fills up, the server rejects additional messages.

Solutions:

* Deploy monitoring systems

Ensure your monitoring systems track the number of messages coming into your server and report sudden spikes in traffic.

In addition, monitoring systems should check the available disk space on your systems and report when your partitions are in jeopardy.

* Ensure mail spool areas are on large, dedicated disk partitions

Ensure that your mail spool and log directories would not affect other aspects of the system if they were filled.

For example, having the mail spool, queue and/or users' mail directories on a Unix root file system may affect the availability of the system itself if the system were subject to a successful Denial of Service attack.

* Report abuse to your Internet Service Provider

When a Denial of Service attack is detected on your systems, contact the Security Department of your Internet Service Provider to have them assist in tracking down the source of the active attack.
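
The two checks described under "Deploy monitoring systems" above, as an added example that is not part of the original post: a spike detector over per-minute message counts and volume, and a free-space check for the spool partition. The event tuple layout, the thresholds and the sample data are assumptions constructed for illustration.

```python
import shutil
from collections import defaultdict

# Constructed sample: (minute, recipient, size_bytes) for each accepted message.
# The tuple layout is an assumption; populate it from your own mail server's logs.
SAMPLE = (
    [(f"10:0{m}", "alice@example.org", 40_000) for m in range(5) for _ in range(10)]
    + [("10:05", "bob@example.org", 9_000_000)] * 400
)

def per_minute(events):
    """Aggregate events into {minute: [message_count, total_bytes]}, sorted by minute."""
    buckets = defaultdict(lambda: [0, 0])
    for minute, _rcpt, size in events:
        buckets[minute][0] += 1
        buckets[minute][1] += size
    return dict(sorted(buckets.items()))

def detect_spikes(buckets, window=5, factor=4.0, min_count=50):
    """Flag minutes whose count or volume exceeds factor x the trailing-window mean."""
    minutes = list(buckets)
    alerts = []
    for i in range(window, len(minutes)):
        prior = [buckets[m] for m in minutes[i - window:i]]
        base_count = sum(p[0] for p in prior) / window
        base_bytes = sum(p[1] for p in prior) / window
        count, size = buckets[minutes[i]]
        # min_count keeps a quiet server from alerting on a handful of messages.
        if count >= min_count and (count > factor * base_count
                                   or size > factor * base_bytes):
            alerts.append((minutes[i], count, size))
    return alerts

def partition_in_jeopardy(path, min_free_fraction=0.15):
    """True when the file system holding `path` has less free space than the threshold."""
    usage = shutil.disk_usage(path)
    return usage.free < min_free_fraction * usage.total

if __name__ == "__main__":
    for minute, count, size in detect_spikes(per_minute(SAMPLE)):
        print(f"ALERT {minute}: {count} messages, {size / 1e6:.0f} MB")
    # "/" is a stand-in; point this at the spool partition on your system.
    print("spool partition low:", partition_in_jeopardy("/"))
```

Checking volume as well as count matters here because a burst of large attachments can fill the spool with fewer messages than a count-only threshold would catch.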
