Petr Novotny wrote:
>BTW, you can still be the "tool", even without this amplification.
>Let's denote "A" attacker, "B" "tool" and "C" victim. Suppose that
>A and B are "stronger" (faster, or just on a faster line) than C (you
>can attack only someone weaker). A connects to B's SMTP and
>starts sending undeliverable messages with C as the fake sender
>at a fast rate; only one RCPT TO per message; B sends the
>bounces to C at the same rate, overwhelming C and its connection.
>
>"B" can be any SMTP server which doesn't immediately check the
>recipient; any secondary MX falls into this category, as many large
>SMTPs (with many local users, I mean) like (maybe - I don't know)
>aol.com, hotmail.com etc.
>
>
>Please note that this attack already has nothing to do with qmail at
>all: It just shows that SMTP is an inherently weak protocol, due to
>lack of authentication. Should we blame qmail for SMTP's
>weaknesses? It's an odd thing to do, isn't it?

It is indeed, which is why I wonder why you bring it up. I wasn't blaming
qmail for one of SMTP's shortcomings, I was blaming it for the initial
attack in question, the way that it manages outgoing SMTP sessions, and by
extension, the way that it makes it relatively simple to amplify a single
message into multiple bounces. The point is that SMTP allows for many bad
practices that can and should be avoided in implementations. This is one of
them. I apologize if I was unclear.

Mark
--
Do not reply directly to this e-mail address
--
Mark Mentovai
UNIX Engineer
Gillette Global Network
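
The difference discussed in this thread, as an added example that is not part of either message: a small model of server "B" that counts the bounces sent to a forged envelope sender when recipients are checked only after acceptance, versus rejected at RCPT TO. The addresses, the `LOCAL_USERS` set and the rule of one bounce per failed recipient are assumptions of this model, not the behaviour of any particular MTA.

```python
# Added illustration: a model of mail server "B", not real MTA code.
from dataclasses import dataclass, field

LOCAL_USERS = {"alice@b.example", "bob@b.example"}  # constructed sample data


@dataclass
class Result:
    replies: list = field(default_factory=list)  # (rcpt, SMTP code) seen by the client
    bounces: list = field(default_factory=list)  # addresses that receive a bounce from B


def handle_message(mail_from, rcpts, check_at_rcpt):
    """Process one SMTP transaction and report who receives traffic from B."""
    res = Result()
    accepted = []
    for rcpt in rcpts:
        if check_at_rcpt and rcpt not in LOCAL_USERS:
            # Rejected inside the SMTP session: the connecting client gets
            # the error, and nothing is ever sent to the envelope sender.
            res.replies.append((rcpt, 550))
            continue
        res.replies.append((rcpt, 250))
        accepted.append(rcpt)
    for rcpt in accepted:
        # Delivery fails after acceptance; the model assumes one bounce per
        # failed recipient. A null envelope sender ("") is never bounced to.
        if rcpt not in LOCAL_USERS and mail_from != "":
            res.bounces.append(mail_from)
    return res


def bounce_load(messages, check_at_rcpt):
    """Count bounces per envelope sender across a batch of transactions."""
    load = {}
    for mail_from, rcpts in messages:
        for addr in handle_message(mail_from, rcpts, check_at_rcpt).bounces:
            load[addr] = load.get(addr, 0) + 1
    return load


FORGED = "user@c.example"  # constructed: the forged sender, i.e. "C"
SAMPLE = [  # constructed traffic
    (FORGED, ["nobody1@b.example"]),
    (FORGED, ["nobody2@b.example"]),
    (FORGED, ["n3@b.example", "n4@b.example", "n5@b.example"]),
    ("carol@d.example", ["alice@b.example"]),
    ("", ["nobody6@b.example"]),
]
```

With `check_at_rcpt=False` the forged sender absorbs every bounce; with `check_at_rcpt=True` the failures stay inside the submitting client's SMTP session.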