On Thu, Jan 07, 1999 at 12:52:25AM -0800, [EMAIL PROTECTED] wrote:
> On Wed, Jan 06, 1999 at 09:01:23AM -0000, D. J. Bernstein wrote:
> > I've sent a response to bugtraq explaining how to identify the uid that
> > filled up the queue.
> >
> > My message also explains a much more powerful series of four attacks
> > against all MTAs, including the IBM Secure Mailer. These attacks can be
> > carried out from anywhere on the Internet, not just the local machine.
> > They keep the mail queue flooded for several days.
>
> So...
>
> 1) qmail-clean will clean up the files after deciding that they're old
> enough to be garbage
Yep.
> 2) DOS is something which has already been granted out as basically
> impossible to protect against in today's environment
Yep.
> 3) The resource starvation is not anonymous.
When using process accounting, yes.
Greetz, Peter.
--
<squeezer> AND I AM GONNA KILL MIKE | Peter van Dijk
<squeezer> hardbeat, als je nog nuchter bent: | [EMAIL PROTECTED]
<squeezer> @date = localtime(time); | realtime security d00d
<squeezer> $date[5] += 2000 if ($date[5] < 37); |
<squeezer> $date[5] += 1900 if ($date[5] < 99); | -x- available -x-
