Daniel,
I beg to differ! If any user, given the ability to set up their own lists is
able to do this to MY mail server, which then prevents other users from
accessing the server then this is a DOS to the other users. I didn't do
this but a customer of mine, not knowing any better, did it.
You can call it operator error or stupidity or anything else if you want,
but in my book if it looks like a duck and waddles like a duck and quacks
like a duck, then it must be a duck.
Anyone offering free email with list service we can try this on and see if
they call it a DOS or operator error?
Best,
Roger
----- Original Message -----
From: Daniel Donnelly <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 08, 1999 7:02 AM
Subject: Re: [IMail Forum] iMail DOS attack
> Roger,
>
> If you insist on creating a mail-loop, you will cause IMail to use a lot
of
> CPU resources. The List Server is sending to itself! By stopping the SMTP
> service, IMail is no longer capable of accepting email so you break the
loop.
> You could also break the loop by using 'bob' as the moderator rather than
> 'john'.
>
> I'd hardly call this an attack, more like an 'operator error'.
>
> Daniel Donnelly
> Ipswitch Technical Support
> ________________________________________________________
> See our Knowledge Base at http://support.ipswitch.com/kb
>
>
> In reply to 8 Oct message from [EMAIL PROTECTED]:
>
> >Found that iMail was running 100% duty cycles today, the first time for
> >a long time!
>
> >After shutting down iMail and killing smpt32d.exe I think I finally
> >figured this out. If anyone has seen this before please let me know.
> The
> >only way I found to stop this was to deny access to smtp32d.exe for
> >execution by the system.
>
> >1. Add a user called john
> >2. Create a mail list called john
> >3. Make [EMAIL PROTECTED] the list administrator 4. Add john as the
> >only member of the list
> >5. Set up the list so that it requires that posts to the list be
> >approved by the list administrator, who happens to be
> >[EMAIL PROTECTED] 6. Now send email to [EMAIL PROTECTED] with
> >large (1 MB + ) binary attachments.
> >Goto 6
>
> > Watch the CPU grind to a halt as it sends this message to john
> >numerous times, copying around this large binary file. The queue file
> >shows that john sent the message numerous times.
> >Also watch your disk space wither away as the log file grows.
>
> >Here is what one of the files that was being sent looks like. Note the
> >X-Sender is [EMAIL PROTECTED]
> >which is repeated 1100+ times.
>
> ><< REGULAR MAIL HEADER APPEARS HERE>>
> >From: "[EMAIL PROTECTED]"
> >Subject: This will make you laugh your ass off ... To:
> >[EMAIL PROTECTED]
> >MIME-Version: 1.0
> >Content-Type: multipart/mixed; boundary="0-846930886-939256781=:17526"
> >X-Sender: [EMAIL PROTECTED]
>
> > <<< AN ADDITIONAL 1100+ lines exactly like above go here >>>
>
> >X-Sender: [EMAIL PROTECTED]
> >Precedence: bulk
> >Sender: [EMAIL PROTECTED]
>
> >--0-846930886-939256781=:17526
> >Content-Type: text/plain; charset=us-ascii
> >Content-Disposition: inline
>
> >=====
>
> >__________________________________________________ Do You Yahoo!?
> >Bid and sell for free at http://auctions.yahoo.com
> >--0-846930886-939256781=:17526
> >Content-Type: audio/wav; name="Delta.wav"
> >Content-Transfer-Encoding: base64
> >Content-Description: Delta.wav
> >Content-Disposition: attachment; filename="Delta.wav"
>
> >UklGRvDQDABXQVZFZm10IBAAAAABAAEAESsAABErAAABAAgAZGF0YXnQDACC <<< REST
> OF
> >BINARY DATA GOES HERE, all 1MB of it >>>
> 34OEhYOAgYKAfn+ChIODg4GCg4OCgX+AgoGBgoSHhYSFh4iHiY2LiYiGiIiF
>
>
>
>
>
>
>
>
> >Please visit http://www.ipswitch.com/support/mailing-lists.html to be
> >removed from this list.
>
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
