POP3 DoS attacks and mailanyone.net?

For the first time since I can remember, my POP3 server was effectively shut down by too many simultaneous connections today. The first fix I tried was to raise the number of connections from the default 40 to 100, but the problem soon returned.

I finally ipfw'd off the offending IP (98.190.204.2 for anyone interested), then went to look for other possible offenders in the log. I noticed several thousand connections today to a few dozen former users from 4 IPs from 208.70.128.0/21. One of the users was actually legitimate.

These IPs belong to mailanyone.net. The tech contact in their ARIN record is listed as:

OrgTechHandle: BHE57-ARIN
OrgTechName: Heitman, Bryan
OrgTechPhone: +1-816-587-4700
OrgTechEmail: hostmaster@mailanyone.net

However, that phone number goes to a UPS store that has no idea what I'm talking about. I then dialed their supposed NOC number:

Comment: FuseMail, LLC Network Operations Center contact
Comment: 877.888.3873 x3

I am on hold with that number right now with some very loud and annoying music.

Can anyone offer any insight as to these people and how/who to deal with there?

Would a provider be amiss to just block their entire /21?

TIA,

James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am
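The log triage described in the message above, as an added example that is not part of the original post: it counts POP3 connections per source IP, rolls them up to the covering /21, and lists which currently active accounts a block of that prefix would cut off. The log line format, the function name and the user names are assumptions; the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample data in a hypothetical "pop3d" log format (not from the post).
_EVENTS = [("98.190.204.2", "former1")] * 5 + [
    ("208.70.128.10", "former2"), ("208.70.129.20", "former3"),
    ("208.70.130.30", "carol"), ("208.70.135.40", "former2"),
    ("192.0.2.50", "dave"),
]
SAMPLE_LOG = "\n".join(
    f"Jan 10 09:00:{i:02d} mx pop3d: connect from {ip} user={user}"
    for i, (ip, user) in enumerate(_EVENTS)
)

LINE_RE = re.compile(r"pop3d: connect from (\d+\.\d+\.\d+\.\d+) user=(\S+)")


def summarize(log_text, active_users, prefix_len=21, threshold=3):
    """Group connections by covering prefix; report prefixes at or above threshold."""
    per_net = Counter()
    sources = defaultdict(set)
    users = defaultdict(set)
    for ip, user in LINE_RE.findall(log_text):
        # strict=False masks the host bits, giving the covering network.
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        per_net[net] += 1
        sources[net].add(ip)
        users[net].add(user)
    report = []
    for net, count in per_net.most_common():
        if count < threshold:
            continue
        report.append({
            "network": str(net),
            "connections": count,
            "sources": sorted(sources[net]),
            # Accounts that still exist and would lose access if the prefix is blocked.
            "active_users": sorted(users[net] & set(active_users)),
        })
    return report


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG, {"carol", "dave"}):
        print(row)
```

A non-empty active_users list for a prefix means a block of that prefix would also cut off a real customer, which is the trade-off raised in the question about blocking the whole /21.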

Issues with gmail.com

here in DC

Winn Johnston

Hummm. Looking through some of my data I found that the domain
NORTHROANOKE.COM resolves to 98.190.204.2 (the first attack vector).

That box is running Microsoft Business Server 2003. NORTHROANOKE.COM
appears to be some kind of assisted living facility in Roanoke, Virginia
(based on whois).

Doesn't look gmail related from that perspective...

Andrew

Andrew Fried
andrew.fried@gmail.com

Winn Johnston wrote: