-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 21 Jul 00, at 9:59, Mark Mentovai wrote:
> There's a difference between being the target of a denial-of-service
> attack and being involved in one as a tool used by an attacker. As
> participants on the public Internet, we have to be willing to
> acknowledge our own susceptibility to being targets, and take measures
> to handle them as our personal or organizational requirements dictate.
> We must not be willing to promote abusive activities by knowingly
> supporting, directly or indirectly, bad practices.
If this really, really bothers you, just use the patch to control the
maximum number of RCPT TOs for one message.
BTW, you can still be the "tool", even without this amplification.
Let's denote "A" attacker, "B" "tool" and "C" victim. Suppose that
A and B are "stronger" (faster, or just on a faster line) than C (you
can attack only someone weaker). A connects to B's SMTP and
starts sending undeliverable messages with C as the fake sender
at a fast rate; only one RCPT TO per message; B sends the
bounces to C at the same rate, overwhelming C and its connection.
"B" can be any SMTP server which doesn't immediately check the
recipient; any secondary MX falls into this category, as do many large
SMTPs (with many local users, I mean) like (maybe - I don't know)
aol.com, hotmail.com etc.
Please note that this attack has nothing to do with qmail at
all: it just shows that SMTP is an inherently weak protocol, due to
lack of authentication. Should we blame qmail for SMTP's
weaknesses? It's an odd thing to do, isn't it?
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60
Comment: http://community.wow.net/grt/qdpgp.html
iQA/AwUBOXhMNlMwP8g7qbw/EQIsHQCfStMYH/McTKr+R38Pl2xO1+XMpp4AnRTE
FwVb6k/Ti+8yIh77q2bMtGIr
=mQ54
-----END PGP SIGNATURE-----
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
[Tom Waits]
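The A/B/C bounce scenario from the message above, as an added model that is not code from the original post, from the thread, or from qmail. Addresses are constructed; the relay's "one bounce per undeliverable recipient" rule and the `max_rcpt` cap are modelling assumptions standing in for the patch Petr mentions. The point it makes: a server that accepts every RCPT TO and bounces later sends traffic to whatever unauthenticated MAIL FROM the attacker chose, while a server that checks the recipient during the dialogue returns the error to the attacker's own connection and contacts nobody else.

```python
"""Model of bounce-based (backscatter) DoS through an SMTP relay.

A (attacker) talks SMTP to B (the "tool"), naming C (the victim) in MAIL FROM.
Two recipient policies for B are compared:

  accept_then_bounce - B accepts any RCPT TO (e.g. a secondary MX that does
                       not know the primary's user list) and bounces later.
  verify_at_rcpt     - B rejects unknown recipients with 550 during the
                       SMTP dialogue, so no bounce is ever generated.

Added, constructed example; not code from the original thread or from qmail.
"""
from dataclasses import dataclass, field

# Constructed user list for relay B; any other local address is undeliverable.
KNOWN_USERS = {"alice@b.example", "bob@b.example"}
VICTIM = "someone@c.example"   # constructed: the forged MAIL FROM naming C


@dataclass
class Relay:
    """Minimal model of SMTP server B's recipient handling."""
    policy: str            # "accept_then_bounce" or "verify_at_rcpt"
    max_rcpt: int = 100    # per-message RCPT TO cap (stands in for the patch)
    bounces: list = field(default_factory=list)   # (bounce_to, failed_rcpt)

    def transaction(self, mail_from, rcpts):
        """One SMTP transaction: MAIL FROM, N x RCPT TO, DATA.

        Returns the reply codes the connected client (A) sees: one per
        RCPT TO plus a final one for DATA.  Bounces produced in the later
        delivery phase are appended to self.bounces.
        """
        replies, accepted = [], []
        for rcpt in rcpts:
            if len(accepted) >= self.max_rcpt:
                replies.append("452 too many recipients")
            elif self.policy == "verify_at_rcpt" and rcpt not in KNOWN_USERS:
                # Error goes back over A's own TCP connection; C is never contacted.
                replies.append("550 no such user")
            else:
                accepted.append(rcpt)
                replies.append("250 ok")
        if not accepted:
            replies.append("554 no valid recipients")
            return replies
        replies.append("250 queued")
        # Delivery phase, after A has disconnected.  Model assumption: one
        # bounce per undeliverable recipient, addressed to MAIL FROM, which
        # B never authenticated.
        for rcpt in accepted:
            if rcpt not in KNOWN_USERS:
                self.bounces.append((mail_from, rcpt))
        return replies


def run_attack(relay, messages, rcpts_per_message):
    """A submits `messages` undeliverable messages, each with
    `rcpts_per_message` bogus recipients and C forged as sender.
    Returns the number of bounces B sends to C."""
    for i in range(messages):
        rcpts = [f"nobody-{i}-{j}@b.example" for j in range(rcpts_per_message)]
        relay.transaction(VICTIM, rcpts)
    return sum(1 for to, _ in relay.bounces if to == VICTIM)


def compare(messages, rcpts_per_message, max_rcpt):
    """Bounces reaching C under each policy, for the same attacker effort."""
    return {
        policy: run_attack(Relay(policy, max_rcpt), messages, rcpts_per_message)
        for policy in ("accept_then_bounce", "verify_at_rcpt")
    }


if __name__ == "__main__":
    # Many RCPT TOs per message: the cap limits the amplification ...
    print(compare(messages=10, rcpts_per_message=50, max_rcpt=100))
    print(compare(messages=10, rcpts_per_message=50, max_rcpt=1))
    # ... but with one RCPT TO per message (the scenario in the post) the cap
    # changes nothing; only checking the recipient during the dialogue does.
    print(compare(messages=1000, rcpts_per_message=1, max_rcpt=1))
```

Run it and the last line shows the post's argument in numbers: with one recipient per message, the accept-then-bounce relay still forwards every message to C as a bounce, whatever the RCPT TO cap is, while the verifying relay sends C nothing. The practical check for your own MX, primary or secondary, is whether it can answer 550 at RCPT TO for addresses that will never deliver; if it cannot (a backup MX with no copy of the user list), it is a "B" for anyone who wants one.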