On 2017 Aug 15 18:21:00, you wrote to me:
ML>> ummm... it is a Denial of Service, though... they've got the SBBS
ML>> spending too much time handling the drop... best to block these in
ML>> the firewall and stop them from abusing SBBS in the first place...
KQ> am I wrong or does the throttling not take care of ddos?
the DOS is against the server... SBBS in this case...
KQ> and exactly WHERE does he say it is ddos?
he didn't say it was a DDOS... DDOS is more than one attacker... this was only
one attacker...
and these days, we also have DRDoS, Distributed Reflective Denial of Service,
which is based on udp attacks...
KQ> from what he has posted it could be regular Mirai.
not hitting the QOTD port, it likely isn't... Mirai and its variants hit 22,
23, 2222, 5555, and 7547... now the variants have expanded to numerous other
ports... 135 (DCE/RPC), 445 (Active Directory), 1433 (MSSQL), 3306 (MySQL), and
3389 (RDP).
then you have the Hajime worm which appears to be the work of a whitehat... it
looks like Mirai from the attacked side but its goal is to stop and prevent
Mirai and variants from getting in to IoT devices...
KQ> I get these attempts on my mail server until I put them in my ip.can
KQ> then it puts a halt to it.
yep...
FWIW: here's an interesting link on Mirai and what it can do... in our little
BBS world, we're only concerned with a few of them, for the most part...
)\/(ark
Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it
wrong...
... For God's sake, keep a grip on yourself! - Brad Majors
---
* Origin: (1:3634/12.73)
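
The distinction drawn in the message above (one flooding source is a DoS, several make it a DDoS) and the Mirai port list it gives can be turned into a small log triage for deciding what to block at the firewall. This is an added example, not part of the original message or of SBBS; the log format, the threshold of 5 hits, and the function names are assumptions, and the sample lines are constructed.

```python
from collections import Counter, defaultdict

# Ports the message attributes to Mirai and its variants.
MIRAI_PORTS = {22, 23, 2222, 5555, 7547, 135, 445, 1433, 3306, 3389}

# Constructed sample log, assumed format "time src_ip dst_port" (RFC 5737 addresses).
SAMPLE_LOG = """\
18:20:01 198.51.100.7 17
18:20:01 198.51.100.7 17
18:20:02 198.51.100.7 17
18:20:02 198.51.100.7 17
18:20:03 198.51.100.7 17
18:20:04 203.0.113.9 23
18:20:05 203.0.113.9 2222
18:20:06 203.0.113.9 7547
18:20:09 192.0.2.44 25
"""

def parse(log):
    """Yield (src_ip, dst_port) from each well-formed log line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2].isdigit():
            yield parts[1], int(parts[2])

def triage(log, flood_threshold=5):
    """Return {src_ip: label} for sources worth blocking at the firewall."""
    hits = defaultdict(Counter)  # src_ip -> Counter of destination ports
    for src, port in parse(log):
        hits[src][port] += 1
    verdicts = {}
    for src, ports in hits.items():
        port, count = ports.most_common(1)[0]
        mirai = sorted(p for p in ports if p in MIRAI_PORTS)
        if count >= flood_threshold:      # hammering a single service
            verdicts[src] = f"flood on port {port} ({count} hits)"
        elif len(mirai) >= 2:             # probing several Mirai-listed ports
            verdicts[src] = "mirai-style scan: " + ",".join(map(str, mirai))
    return verdicts

def attack_kind(verdicts):
    """One flooding source is a DoS; several flooding sources make it a DDoS."""
    flooders = [s for s, v in verdicts.items() if v.startswith("flood")]
    return {0: "none", 1: "DoS"}.get(len(flooders), "DDoS")

if __name__ == "__main__":
    v = triage(SAMPLE_LOG)
    print(v, attack_kind(v))
```

The source hitting the QOTD port (17) is labelled a flood rather than a Mirai-style scan, which matches the reasoning in the message, and the single mail connection is left alone.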