Mail server of fastlink.bt under attack from hinet.net using yahoo.com.tw

Our mail server at fastlink.bt is under severe attack from hinet.net, which is generating a hell of a lot of traffic and using almost all of our bandwidth!

Details of the e-mail from hinet.net using yahoo.com.tw

From "%CUSTOM_MAILFRONNAMEBIG" <>
To "zizi0325"
Sent Thu, 26 Apr 2007 18:22:09 +0800
Subject =?BIG5?B?LS1GbGFzaLD….

Contents of the email

Received: (qmail 88033 invoked from network); 26 Apr 2007 12:11:59 -0000
Received: from 59-117-99-209.dynamic.hinet.net (HELO user02) (webmaster@59.117.99.209)
  by mail.fastlink.bt with SMTP; 26 Apr 2007 12:11:59 -0000
From: =?BIG5?B?p/Wq7LXT?= <1ShUm9n@yahoo.com.tw>
Message-ID:68913579135680246
Date: Thu, 26 Apr 2007 18:23:46 +0800
From: "%CUSTOM_MAILFRONNAMEBIG" <>
To: "x913024"
Subject: =?BIG5?B?ofOh87F6qr…..
Content-Type: text/html;
  charset="Big5"
Content-Transfer-Encoding: base64

PGh0bWw+DQoNCjxoZWFkPg0KPG1ldGEgaHR0c……………….=

—————————-

Decoded Data gives this page!!!

Mail server of fastlink.bt under attack from Taiwan!

———————-

SOLUTION !!!!

Since we are running a FreeBSD server with the ipfw firewall, we block all address ranges of hinet.net from reaching our SMTP port (25):

# Allow loopback traffic and everything this host sends out
add allow ip from any to any via lo0
add allow all from me to any
# Drop inbound SMTP (TCP port 25) from the hinet.net ranges
add deny tcp from 61.216.0.0/14 to me 25
add deny tcp from 61.224.0.0/14 to me 25
add deny tcp from 163.29.0.0/16 to me 25
add deny tcp from 163.31.0.0/16 to me 25
add deny tcp from 210.61.0.0/16 to me 25
add deny tcp from 210.65.0.0/16 to me 25
add deny tcp from 210.69.0.0/16 to me 25
add deny tcp from 203.69.0.0/16 to me 25
add deny tcp from 203.74.0.0/16 to me 25
add deny tcp from 203.75.0.0/16 to me 25
add deny tcp from 168.95.0.0/16 to me 25
add deny tcp from 59.112.0.0/14 to me 25
add deny tcp from 59.116.0.0/14 to me 25

* Save these rules in a file!

* Load them with ipfw /file/path
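An added example (not part of the original post): a Python check that the peer address qmail recorded in the Received line is actually covered by the block list above, and that merges adjacent ranges into fewer ipfw rules. The second Received line in the sample and all function names are constructed for illustration.

```python
import ipaddress
import re

# Block list copied from the ipfw rules in the post.
BLOCKED = [ipaddress.ip_network(n) for n in (
    "61.216.0.0/14", "61.224.0.0/14", "163.29.0.0/16", "163.31.0.0/16",
    "210.61.0.0/16", "210.65.0.0/16", "210.69.0.0/16", "203.69.0.0/16",
    "203.74.0.0/16", "203.75.0.0/16", "168.95.0.0/16", "59.112.0.0/14",
    "59.116.0.0/14",
)]

# qmail ends its "Received: from" line with "(user@a.b.c.d)" or "(a.b.c.d)".
# That peer address comes from the TCP connection; the HELO name and the
# From: header are supplied by the sender and must not be trusted.
PEER_RE = re.compile(
    r"^Received: from \S+ .*\((?:[^@()\s]+@)?(\d{1,3}(?:\.\d{1,3}){3})\)\s*$",
    re.M)

def peer_addresses(raw_headers):
    """Return the peer IPs recorded in qmail-style Received lines."""
    found = []
    for match in PEER_RE.finditer(raw_headers):
        try:
            found.append(ipaddress.ip_address(match.group(1)))
        except ValueError:  # e.g. an octet above 255
            continue
    return found

def covering_network(ip):
    """Return the blocked network containing ip, or None if it is not covered."""
    return next((net for net in BLOCKED if ip in net), None)

def ipfw_rules(port=25):
    """Merge adjacent ranges and emit rules in the post's ipfw syntax."""
    merged = ipaddress.collapse_addresses(BLOCKED)
    return [f"add deny tcp from {net} to me {port}" for net in merged]

# First hop is the Received line from the post; the second is constructed.
SAMPLE = (
    "Received: from 59-117-99-209.dynamic.hinet.net (HELO user02) (webmaster@59.117.99.209)\n"
    "  by mail.fastlink.bt with SMTP; 26 Apr 2007 12:11:59 -0000\n"
    "Received: from host.example (HELO test) (192.0.2.10)\n"
    "  by mail.fastlink.bt with SMTP; 26 Apr 2007 12:12:03 -0000\n"
)

if __name__ == "__main__":
    for ip in peer_addresses(SAMPLE):
        print(ip, "->", covering_network(ip) or "NOT covered by block list")
    print("\n".join(ipfw_rules()))
```

Running the check against peer addresses pulled from the mail log shows which offending hosts fall outside the listed ranges, so the list can be extended from evidence rather than guesswork.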

Published by: abiXalmon on April 26th, 2007 | Filed under Blogs



One Response to “Mail server of fastlink.bt under attack from hinet.net using yahoo.com.tw”

  1. Mace Says:

    Thank you so much. This domain is nothing but a nuisance and they have no restrictions to the disgusting individuals who use it to do nothing but spam and look for relays to spam even more. I actually used iptables to block it. If anybody needs to know:

    iptables -I INPUT -s x.x.x.x/xx -j DROP

    Saving the rules depends on whichever Linux distribution you are using; you may want to figure out how to do this so it keeps the hinet.net blocking rules upon restart.

    Thank you so much for the list of subnets. Hopefully this is all of them. I’m sure they will buy more subnets in order to continue their idiocy.
