While performing a security upgrade at a major oil exploration company, we came under attack by mail bombing (email). An individual using a script found on the Internet was sending about 20 thousand mail messages an hour. The email servers being used at this facility were MS Exchange, which could not handle the attack load (the Exchange servers all crashed).

We quickly tracked down the individual (the individual had forgotten to strip all of the mail headers) and built mail filters at the firewall (Sidewinder). The mail filters stopped the email bombing.

We then contacted the ISP and had the compromised host that was acting as a mail relay disconnected from the Internet. Another major oil company (Exxon) was also under attack at the time by the same host (according to Exxon's firewall group) and the attack was stopped when we had the compromised host removed from the Internet.

Two birds with one stone...
