Re: [IMail Forum] DOS attack

Sat, 8 Jan 2000 21:28:28 -0800 

The DoS only affects IMonitor. Which is still critical if 
you're using it to monitor your services. However, the 
Imonitor DoS crash won't stop your users from 
sending/receiving mail.

Fix is in testing.

Bob

---------- Original Message ----------------------------------
From: hostmaster <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Sat, 08 Jan 2000 22:25:24 -0600

>At 03:55 AM 1/9/00 +0000, you wrote:
>>>Does this mean any significant threat?
>>
>>A DoS attack poses the threat of just that -- denial of service. If you 
>>maintain a mail server that is extremely mission critical, then yes it 
>>does. The worst thing that will happen is people not being able to send or 
>>receive mail. This isn't the type of exploit that could allow someone to 
>>get information from your servers or network.
>>
>>If you're worried about the possibility of denial of service, you can 
>>disable the IMAIL Monitor service. Most of the time you'll want to monitor 
>>your crucial services from another machine or outside of your network anyway.
>>
>>Jonathan
>>
>>>Is this problem fixed in 6.02?
>>
>>No clue.
>>
>>
>>
>>
>>>IMail IMonitor Subject ot Denial of Service
>>>Reported January 5, 1999 by USSRLabs
>>>
>>>VERSIONS AFFECTED
>>>IMail IMonitor
>>>DESCRIPTION
>>>
>>>UssrLabs discovered a denial of service condition in IMail 
>>>IMONITOR  Server for WinNT Version 5.08 and possibly other versions as well.
>>>
>>>A cgi script entitle status.cgi checks to see if the server services are 
>>>running. By executing the script numerous times in a short period of time 
>>>Imonitor will crash citing an "Invalid Memory Address."
>>>
>>>VENDOR RESPONSE
>>>
>>>IPSwitch has been informed of the issue (tracking number 
>>>IMS2000010500000096) however no fix was available at the time of this writing.
>>>
>>>CREDITS
>>>Discovered by USSRLabs
>>>
>>>Please visit http://www.ipswitch.com/support/mailing-lists.html
>>>to be removed from this list.
>>
>>Please visit http://www.ipswitch.com/support/mailing-lists.html 
>>to be removed from this list.
>>
>
>--
>Robert S. Stull
>Programmer
>Ipswitch, Inc.
>http://www.ipswitch.com/
>--
>

--
Robert S. Stull
Programmer
Ipswitch, Inc.
http://www.ipswitch.com/
--
Please visit http://www.ipswitch.com/support/mailing-lists.html 
to be removed from this list.

Reply via email to