So for the past couple of months I have noticed our business DSL get completely saturated and basically stop working. This behavior lasted for a couple of hours and then stopped.
Now it's back with a vengeance. For the past 3 days our internet has been fully saturated. I did a wireshark on the external interface and with my little knowledge of wireshark it looks like several yahoo mail servers are sending significant amounts of data our way. To give you an example we are a 10 person company and our SMTP log for TODAY ONLY is 100MB.
I looked through the log and it looks like a directory harvest attack since all the emails are coming to unkownuser@ourdomain.com.
Another interesting item is that on the dashboard, if I look at the throughput graph, it shows that my External Interface "Out" is what is spiking up to 648Kb (our upload is only 384Kb). I initially thought that this might be a virus on one of the machines on the LAN but the internal interface traffic is negligible (21Kb). However with the info I gathered today I started thinking that maybe Astaro is sending undeliverable messages back to the spammers? If have tried looking for a way to verify this but couldn't find it.
Lots of thoughts and I am really hoping that someone out there may have encountered this in the past.
We are running ASG 7.502.
Thanks in advance!
This thread was automatically locked due to age.
