[Oisf-users] Mail Attack Rules
Mesra.net CEO
admin at mesra.my
Wed Mar 8 18:59:48 UTC 2017
Dear All,
For the past few days my server has been under attack, and the attackers are sending thousands of emails to invalid email usernames; it only affects 1 domain name. Currently I have to block more than 10k IPs per day because of this issue. With Suricata I made the rule below, but that will totally block access for valid emails. Are there any tips on how I can make the rule more flexible? For example, Suricata would only block access to invalid email addresses that are not on a list: I will list all the valid recipient emails and the others will automatically be blocked:
reject tcp any any -> any [25,587,465] (msg:"***** BLOCK ABCDE.com EMail ATTACK *****"; dsize:>0; content:"@abcde.com"; sid:51; rev:1;)
Please help, TQ
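One way to express the allowlist described in the post, as an added example that is not part of the original message: a single reject rule that fires on an SMTP `RCPT TO` for the domain unless one of the listed recipients appears in the payload. The addresses `alice@abcde.com` and `bob@abcde.com` and the sid are hypothetical placeholders, and the rule covers port 25 only because payload matching needs cleartext SMTP (465 and STARTTLS sessions on 587 are encrypted).

```suricata
# Added example: allowlist of valid recipients for abcde.com (assumed addresses).
# Logic: "RCPT TO:" is present, followed by "@abcde.com", AND none of the
# allowlisted "<user@abcde.com>" strings occurs anywhere in the same payload.
# Each allowed recipient is one extra negated content match (content:!"...").
# The angle brackets keep "malice@abcde.com" from matching the entry for "alice".
#
# Limitations to check before deploying:
#  - Negated matches apply to the whole inspected payload, so a client that
#    pipelines one valid and one invalid RCPT TO in the same segment is not
#    rejected by this rule.
#  - Only cleartext SMTP is visible; traffic inside TLS never matches.
#  - "reject" needs Suricata running inline (IPS) to actually stop the session.
reject tcp any any -> any 25 (msg:"SMTP RCPT TO unknown abcde.com recipient"; \
    flow:established,to_server; \
    content:"RCPT TO|3a|"; nocase; \
    content:"@abcde.com"; nocase; distance:0; \
    content:!"<alice@abcde.com>"; nocase; \
    content:!"<bob@abcde.com>"; nocase; \
    sid:1000051; rev:1;)
```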