Mail Server Attack

Hello,
Here's an interesting problem for you.

Having a massive email attack on one domain, and I'm talking 10s/100s of connections per second. I thought OK, drop the MX record of the domain and terminate the mail account. No, the attack continues (although the mail's not going anywhere, just causing a DoS in some respects).

The problem is the mail servers sending the mails are rarely the same; I've seen 1000s ranging from cox.net to ev1servers to PNap. I am at a loss as to how they are doing it!

What I've done now is set the MX to 127.0.0.1, so hopefully it hits the sender and not us, but a theory is they are spoofing everything (I've sent an email to ev1 to confirm if the mails I had from a server there truly did come from there). What I think is happening, though, is that they are targeting the IP of the server and sending from 1 IP but spoofing it to look like many different ones, although I'm not sure that's possible as the mail server would be sending back IP traffic to the IP it's given.

Any ideas anyone?

Thanks
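A defender-side triage script for the situation described in the post, added here as an example and not part of the original thread. It parses constructed Postfix-style smtpd "connect from" lines (the log format, hostnames and addresses are assumptions; the addresses are RFC 5737 documentation ranges) and reports the aggregate connection rate per second, how many distinct client addresses are involved, and whether any single source dominates. Because SMTP runs over TCP, every client address that reaches the "connect from" line has completed a three-way handshake, so the addresses in the log are real peers rather than spoofed packets; the useful question is therefore whether the flood is concentrated (one client to rate-limit) or distributed across many sources (aggregate connection limits, tarpitting or upstream filtering are needed instead).

```python
import re
from collections import Counter

# Constructed Postfix-style smtpd log excerpt. Addresses are RFC 5737
# documentation ranges and the hostnames are placeholders; none of this
# is data from the original post.
SAMPLE_LOG = """\
Jan  5 10:00:00 mx postfix/smtpd[2101]: connect from unknown[203.0.113.10]
Jan  5 10:00:00 mx postfix/smtpd[2102]: connect from unknown[203.0.113.11]
Jan  5 10:00:00 mx postfix/smtpd[2103]: connect from unknown[203.0.113.12]
Jan  5 10:00:00 mx postfix/smtpd[2104]: connect from unknown[203.0.113.13]
Jan  5 10:00:00 mx postfix/smtpd[2105]: connect from unknown[203.0.113.14]
Jan  5 10:00:00 mx postfix/smtpd[2106]: connect from unknown[203.0.113.15]
Jan  5 10:00:00 mx postfix/smtpd[2107]: connect from unknown[203.0.113.16]
Jan  5 10:00:00 mx postfix/smtpd[2108]: connect from unknown[203.0.113.11]
Jan  5 10:00:00 mx postfix/smtpd[2101]: disconnect from unknown[203.0.113.10]
Jan  5 10:00:01 mx postfix/smtpd[2109]: connect from relay.example.net[198.51.100.7]
Jan  5 10:00:01 mx postfix/smtpd[2110]: connect from unknown[203.0.113.10]
Jan  5 10:00:05 mx postfix/smtpd[2111]: connect from mail.example.org[192.0.2.44]
"""

# Matches only smtpd "connect from host[ip]" events; "disconnect from" and
# other smtpd messages are deliberately left out.
CONNECT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"connect from (?P<host>[^\[\s]+)\[(?P<ip>[0-9.]+)\]$"
)


def parse_connects(log_text):
    """Yield (timestamp_string, client_ip) for each smtpd 'connect from' line.

    The syslog timestamp has one-second resolution, so the raw string doubles
    as the per-second bucket key. Non-matching lines are skipped.
    """
    for line in log_text.splitlines():
        m = CONNECT_RE.match(line)
        if m:
            yield m.group("ts"), m.group("ip")


def connection_summary(log_text):
    """Aggregate connect events into the numbers a defender looks at first."""
    per_second = Counter()
    per_ip = Counter()
    for ts, ip in parse_connects(log_text):
        per_second[ts] += 1
        per_ip[ip] += 1
    total = sum(per_ip.values())
    top_ip, top_count = per_ip.most_common(1)[0] if per_ip else (None, 0)
    return {
        "total_connects": total,
        "distinct_ips": len(per_ip),
        "peak_per_second": max(per_second.values(), default=0),
        "per_second": per_second,
        "per_ip": per_ip,
        "top_ip": top_ip,
        # Share of all connections from the single busiest source: close to
        # 1.0 means one client to limit, close to 0 means a distributed flood.
        "top_ip_share": (top_count / total) if total else 0.0,
    }


def bursty_seconds(summary, threshold):
    """Return the one-second buckets whose connect count exceeds threshold."""
    return sorted(ts for ts, n in summary["per_second"].items() if n > threshold)


def is_distributed(summary, max_top_share=0.25):
    """True when no single source exceeds max_top_share of all connections,
    i.e. per-client rate limits alone will not stop the flood."""
    return summary["distinct_ips"] > 1 and summary["top_ip_share"] <= max_top_share


if __name__ == "__main__":
    s = connection_summary(SAMPLE_LOG)
    print(f"{s['total_connects']} connects from {s['distinct_ips']} addresses, "
          f"peak {s['peak_per_second']}/s, busiest source {s['top_ip']} "
          f"({s['top_ip_share']:.0%} of connections)")
    print("seconds with more than 5 connects:", bursty_seconds(s, 5))
    print("distributed flood:", is_distributed(s))
```

Run as-is it summarises the embedded sample; feed `connection_summary` a slice of a real mail log to get the same figures. The thresholds used here (more than 5 connects in a second, a 25% top-source share) are illustrative values, not tuned recommendations. A high peak rate combined with a low top-source share is the log signature of the distributed case the post describes, and it tells you that blocking individual addresses will not keep up.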