We have been having problems with sites relaying ip traffic off our
internet router. This is a DEC Brouter 90T1.
Why do these people do this? What is the benefit in bouncing traffic off
our Brouter address? How do they do it? And how do you configure the
Brouter to stop such relays?
We are reasonably well protected in sendmail to stop spammers relaying but
this ip relay is a new phenomenen. It is serious as it took over all our
bandwidth for 12 hours over the weekend and acted as a denial of service
to our users.
stuart mckenzie
PS sorry I should add that of course we have stopped these people after
the event with an ip deny x.x.x.x but that is too late as the damage has
already been done. Even with an ip deny that only stops the relay, it
does not stop the inwards traffic. The relayer stops it after he finds
his packets are bouncing or we get it stopped upstream of us - this all
takes time.
We want to stop all traffic that is not bound for our domains at the door
so they dont even try.
Received on Mon Jul 26 1999 - 09:05:02 NZST