Tap, tap, tap. Hello? Is this thing on?

Andrew Richards <[EMAIL PROTECTED]> wrote:

>The standard DoS is to open lots of SMTP connections to an SMTP server,
>which could be qmail, or any other MTA - and leave them open.

No, the "standard" qmail DOS is to make a single connection to
qmail-smtpd and send it either lots of RCPT's or a single
unlimited-length command. Eventually, the qmail-smtpd process will
consume all available memory, preventing other processes from getting
the memory they need.

See:

  http://www.ornl.gov/its/archives/mailing-lists/qmail/1997/06/msg00317.html
  http://www.ornl.gov/its/archives/mailing-lists/qmail/1997/06/msg00322.html

>Since
>[vanilla] SMTP is not authenticated, this attack could be initiated from
>anywhere.

Authentication won't help. Since SMTP is (usually) a public service,
it needs to be open to everyone.

>It's unlikely that you'd be able to knock out a whole machine
>like this (tcpserver gives the -c option to limit the no. of connections, and
>even inetd has a crappy way of limiting connections), but you would be
>able to DoS SMTP on a machine (the attacker continues to set up lots
>of SMTP connections to force the MTA to its SMTP connection limit, so
>that anyone else trying to establish an SMTP connection is likely to fail).

That's a different and less severe problem that is shared by any
public network service.

-Dave
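
The single-connection memory exhaustion described in the reply above goes away once the SMTP command reader has a fixed line buffer and a per-transaction recipient cap. The following is an added example, not part of the original message and not qmail code; the names `smtp_feed`, `smtp_feed_buf` and `struct session` are hypothetical, and the two caps are assumptions taken from the RFC 5321 size limits.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

#define MAX_LINE 512  /* RFC 5321 command line limit, CRLF included */
#define MAX_RCPT 100  /* RFC 5321 minimum recipient count a server must accept */

enum verdict { V_MORE, V_OK, V_TOO_LONG, V_TOO_MANY_RCPT };

struct session {
    char line[MAX_LINE + 1]; /* fixed buffer: memory never grows with input */
    size_t len;              /* bytes stored for the current line */
    int overlong;            /* set once the current line exceeds the cap */
    unsigned rcpts;          /* recipients accepted in this transaction */
};

/* Consume one client byte. Returns V_MORE until LF completes the line. */
enum verdict smtp_feed(struct session *s, char c)
{
    if (c != '\n') {
        if (s->len < MAX_LINE - 1) s->line[s->len++] = c;
        else s->overlong = 1;  /* discard excess bytes instead of buffering */
        return V_MORE;
    }
    int too_long = s->overlong;
    if (s->len > 0 && s->line[s->len - 1] == '\r') s->len--;
    s->line[s->len] = '\0';
    s->len = 0; s->overlong = 0;
    if (too_long) return V_TOO_LONG;  /* reply 500; line content is truncated */
    if (strncasecmp(s->line, "MAIL FROM:", 10) == 0 ||
        strncasecmp(s->line, "RSET", 4) == 0)
        s->rcpts = 0;                 /* a new transaction resets the count */
    if (strncasecmp(s->line, "RCPT TO:", 8) == 0) {
        if (s->rcpts >= MAX_RCPT) return V_TOO_MANY_RCPT;  /* reply 452 */
        s->rcpts++;
    }
    return V_OK;
}

/* Feed a whole read() buffer; returns the verdict of the last complete line. */
enum verdict smtp_feed_buf(struct session *s, const char *p, size_t n)
{
    enum verdict last = V_MORE, v;
    for (size_t i = 0; i < n; i++)
        if ((v = smtp_feed(s, p[i])) != V_MORE) last = v;
    return last;
}
```

Whatever the client sends, the session state stays at `sizeof(struct session)` bytes; an operating-system memory limit on the SMTP process is still worth setting as a backstop.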
