On Mon, 4 Jan 1999, Vince Vielhaber wrote:
> Dunno about anyone else, but I tried Wietse's little attack attempt, not
> to the extent of trying for DoS but to see exactly what it did on a
> FreeBSD 2.2.8 system. ps -aux showed a qmail-queue sitting there as
> user qmailq. So I did a few of them. Same thing. I logged off. All
> of them were gone and there were no files left in the queue from it.
> So it seems that if/when the admin sees all the qmail-queue's running,
> dumping lusers one at a time till it clears would tell you who it is
> or when they logged off it'd clear up anyway.
Following up to my own, I don't know what I missed last time, but I just
tried it again and it left files of 0 length as advertised:
-rw-r--r-- 1 qmailq qmail 0 Jan 4 09:15 ./mess/10/224720
But how many would it take for DoS? Use up all the inodes? Still no
mail would be lost AFAICT.
Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] flame-mail: /dev/null
# include <std/disclaimers.h> TEAM-OS2
Online Searchable Campground Listings http://www.camping-usa.com
"There is no outfit less entitled to lecture me about bloat
than the federal government" -- Tony Snow
==========================================================================
