New EMAIL DOS ATTACK BEWARE...

Domain_Name = torsionfree.com
LAST KNOWN IP: 68.248.3.214
----------------------------------------
Contact_Name = Reynald Boily
email = hostmaster@siteofmagic.com
----------------------------------------

Tried to use a new form of DoS (Denial of Service) attack on our servers by setting up email auto-responders and then sending 80,000 spam emails to random nonexistent addresses like JohnDoe@comcast.net.

When the Comcast servers received these messages, they determined that there is no email address named JohnDoe and bounced the email back to the sender, which was set to the email address on our servers that had the auto-responders. The auto-responders then sent emails back to Comcast, which bounced them back again, creating an endless loop of bounced emails.

Again just by luck I was on the server when the attack began and I was able to remove the MX record of torsionfree.com to negate the DOS's effect.
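
The loop described above only closes if the auto-responder answers bounces. The following is an added example, not part of the original report or of any mail server's own code: a check an auto-responder can run before replying, keyed on the same headers visible in the sample bounce on this page (Return-Path: <> and Auto-Submitted). It assumes the MTA records the envelope sender in Return-Path at delivery; the function name, sample messages and the rate-limit value are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed samples (not from the page): a trimmed bounce carrying the same
# loop-relevant headers as the quoted one, and an ordinary human-sent message.
SAMPLE_BOUNCE = """\
Return-Path: <>
From: Mail Delivery Subsystem <MAILER-DAEMON@mx.example.net>
To: <user@example.org>
Auto-Submitted: auto-generated (failure)

The original message had permanent fatal errors.
"""
SAMPLE_HUMAN = """\
Return-Path: <alice@example.net>
From: Alice <alice@example.net>
To: <user@example.org>

Hello, do you offer monthly billing?
"""
MAX_REPLIES_PER_SENDER = 1  # assumed policy: one auto-reply per sender per window


def should_autorespond(raw_message, reply_counts):
    """Return (decision, reason); reply_counts maps sender -> replies already sent."""
    msg = message_from_string(raw_message)
    envelope_sender = parseaddr(msg.get("Return-Path", ""))[1].lower()
    # Bounces use the null reverse-path "<>"; answering one is what closes the loop.
    if not envelope_sender:
        return False, "null or missing envelope sender"
    # RFC 3834: never answer a message marked as automatically generated.
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    if not auto.startswith("no"):
        return False, "Auto-Submitted: " + auto
    if envelope_sender.split("@")[0] in ("mailer-daemon", "postmaster"):
        return False, "system sender"
    if msg.get("Precedence", "").strip().lower() in ("bulk", "junk", "list"):
        return False, "bulk precedence"
    # The rate limit caps the damage when forged mail passes every header check.
    if reply_counts.get(envelope_sender, 0) >= MAX_REPLIES_PER_SENDER:
        return False, "rate limit reached"
    reply_counts[envelope_sender] = reply_counts.get(envelope_sender, 0) + 1
    return True, "ok"
```

The per-sender counter should be reset on a timer (for example daily) by whatever process owns the auto-responder state.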


Sample of bounce mail attack
--------------------------------------------------------------------------------

Hi. This is the qmail-send program at x1.xtreme-host.com.
I tried to deliver a bounce message to this address, but the bounce bounced!

<marktn@torsionfree.com>:
This address no longer accepts mail.

--- Below this line is the original bounce.

Return-Path: <>
Received: (qmail 27403 invoked from network); 28 May 2004 15:21:27 -0000
Received: from mxsf06.cluster1.charter.net (209.225.28.206)
by pjn.net with SMTP; 28 May 2004 15:21:27 -0000
Received: from localhost (localhost)
by mxsf06.cluster1.charter.net (8.12.11/8.12.11) id i4SFK1GQ001099;
Fri, 28 May 2004 11:20:29 -0400 (EDT)
Date: Fri, 28 May 2004 11:20:29 -0400 (EDT)
From: Mail Delivery Subsystem <MAILER-DAEMON@mxsf06.cluster1.charter.net>
Message-Id: <200405281520.i4SFK1GQ001099@mxsf06.cluster1.charter.net>
To: <marktn@torsionfree.com>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="i4SFK1GQ001099.1085757629/mxsf06.cluster1.charter.net"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)

This is a MIME-encapsulated message

--i4SFK1GQ001099.1085757629/mxsf06.cluster1.charter.net

The original message was received at Fri, 28 May 2004 11:19:32 -0400 (EDT)
from swordfish.dnsvelocity.com [207.99.69.2]

----- The following addresses had permanent fatal errors -----
<alfdhjaslkdhfkaehfw@charter.net>
(reason: 550 Invalid recipient: <alfdhjaslkdhfkaehfw@charter.net>)

----- Transcript of session follows -----
... while talking to ow-prod.spama.charter.net.:
>>> DATA
<<< 550 Invalid recipient: <alfdhjaslkdhfkaehfw@charter.net>
550 5.1.1 <alfdhjaslkdhfkaehfw@charter.net>... User unknown
<<< 503 No recipients specified

--i4SFK1GQ001099.1085757629/mxsf06.cluster1.charter.net
Content-Type: message/delivery-status

Reporting-MTA: dns; mxsf06.cluster1.charter.net
Arrival-Date: Fri, 28 May 2004 11:19:32 -0400 (EDT)

Final-Recipient: RFC822; alfdhjaslkdhfkaehfw@charter.net
Action: failed
Status: 5.1.1
Remote-MTA: DNS; ow-prod.spama.charter.net
Diagnostic-Code: SMTP; 550 Invalid recipient: <alfdhjaslkdhfkaehfw@charter.net>
Last-Attempt-Date: Fri, 28 May 2004 11:20:29 -0400 (EDT)

--i4SFK1GQ001099.1085757629/mxsf06.cluster1.charter.net
Content-Type: message/rfc822

Return-Path: <marktn@torsionfree.com>
Received: from localhost.localdomain (swordfish.dnsvelocity.com [207.99.69.2])
by mxsf06.cluster1.charter.net (8.12.11/8.12.11) with ESMTP id i4SFIwtJ000100
for <alfdhjaslkdhfkaehfw@charter.net>; Fri, 28 May 2004 11:19:32 -0400 (EDT)
Date: Fri, 28 May 2004 11:19:32 -0400 (EDT)
Message-Id: <200405281519.i4SFIwtJ000100@mxsf06.cluster1.charter.net>
From: "Mark" <marktn@torsionfree.com>
To: alfdhjaslkdhfkaehfw@charter.net
Subject: Transferred to Lawrence,...
MIME-Version: 1.0
Content-type: text/html

<FONT FACE='Courier New' SIZE=2>Hi<BR>
<BR>
I saw your ad on Yahoo Personals and thought I would write.<BR>
Moving here is a new experience for me as I just moved near Lawrence from Colorado about a month ago andI must say I really like it here.<BR>
But i hardly know anybody here, except for my roomate who moved here a while back.
He's made some friends through the internet and he says there's a lot of nice people I might like here.<BR>
I will be getting my own computer soon, right now I am on my friends computer. I am generally a happy person.
I like a person who can make me laugh and open minded. <BR>
My roomate James thought I should email you and he showed me how to send it but nowI can't figure out how to
attach my picture here. We put it at www.Makeafriendlymatch.com where he's at. You can locate my number 2969272.
If it interests you, you can call me on my cell phone tomorrow at 65257077I am really laid back and easy going.
I enjoy going to the movies and out to dinner. I also enjoy quiet evenings at home. <BR>
Any way we can talk and see what we have in common and maybe get together if you would like to. Bye,<BR>
Mark<BR>
<BR>
P.S.<BR>
Well, I have to go now.<BR>
I don't know if we'll be using this address anymore so call me and let's see where it goes.<BR>
By the way, did you get my last email?</FONT>

--i4SFK1GQ001099.1085757629/mxsf06.cluster1.charter.net--

------------------------------------------------------------------------------------
# END SAMPLE
------------------------------------------------------------------------------------