[Operators] DDoS attack
Mathias Ertl
mati at fsinf.at
Mon Feb 20 16:51:14 UTC 2012
Jonas,
On 2012-02-20 17:41, Jonas Ådahl wrote:
> Today my server was bombarded with thousands of subscription requests
> from various different XMPP domains[0] resulting in it crashing. Also
> with these requests came identical messages[1]. All of the accounts
> looks like [random characters]@domain.com such as
> 4yal71k4x2h2gzzsjiex at jabber.im. Seems like all of the requests were
> directed at one user.
Is it possible to draw up a list of accounts that took part in the
attack and send those accounts to the corresponding server-admins, at
least if they are known?
Does anyone know what this subscription message means?
> To prevent future attacks of this kind I have enabled functionality
> preventing flooding of subscription packets (mod_pres_counter in
> ejabberd) and urge others who haven't to do the same.
Thats an ejabberd-plugin included in one of the most recent ejabberd
versions.
All in all capabilities for fighting abusive automated messages are
unfortunately very poor in all servers. I really think devs should
improve that situation.
greetings, Mati
--
twitter: @mathiasertl | soup: http://soup.er.tl | xing: Mathias Ertl
I only read plain-text mail! I prefer signed/encrypted mail!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4572 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20120220/cabd5f19/attachment.bin>
More information about the Operators
mailing list