On Thu, Mar 02, 2000 at 01:49:32PM +0000, James Raftery wrote:
> On Thu, Mar 02, 2000 at 11:34:11AM -0000, Lorens Kockum wrote:
> > No they do not need to be open relays. If they are qmail
> > servers that is perfect for the purpose.
>
> Why? There is no appreciable gain. To be effective the attacker needs to
> send a small amount of traffic, which is amplified by a large factor and
> directed to the victim.
>
> Sending a 1K message to qmail with the intention of it bouncing to your
> victim yields a bounce with your original 1K message plus ~200 bytes of
> the QSBMF bounce message. If you get a 10K message to bounce, you yield
> 10K plus ~200 bytes. Those gains are too low to be useful.
You're missing a point: the message is sent with a couple of 100 recipients.
All these recipients will bounce the message - separately. There's your
amplification :)
Greetz, Peter.
--
Peter van Dijk - student/sysadmin/ircoper/madly in love/pretending coder
|
| 'C makes it easy to shoot yourself in the foot;
| C++ makes it harder, but when you do it blows your whole leg off.'
| Bjarne Stroustrup, Inventor of C++
