oops, my mistake .. I was under the impression it also sucked up tons of
CPU time, this denying (or lagging) service to your users as well.
Jonathan
At 12:18 AM 1/9/00 -0500, you wrote:
>The DoS only affects IMonitor. Which is still critical if
>you're using it to monitor your services. However, the
>Imonitor DoS crash won't stop your users from
>sending/receiving mail.
>
>Fix is in testing.
>
>Bob
>
>---------- Original Message ----------------------------------
>From: hostmaster <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>Date: Sat, 08 Jan 2000 22:25:24 -0600
>
> >At 03:55 AM 1/9/00 +0000, you wrote:
> >>>Does this mean any significant threat?
> >>
> >>A DoS attack poses the threat of just that -- denial of service. If you
> >>maintain a mail server that is extremely mission critical, then yes it
> >>does. The worst thing that will happen is people not being able to send or
> >>receive mail. This isn't the type of exploit that could allow someone to
> >>get information from your servers or network.
> >>
> >>If you're worried about the possibility of denial of service, you can
> >>disable the IMAIL Monitor service. Most of the time you'll want to monitor
> >>your crucial services from another machine or outside of your network
> anyway.
> >>
> >>Jonathan
> >>
> >>>Is this problem fixed in 6.02?
> >>
> >>No clue.
> >>
> >>
> >>
> >>
> >>>IMail IMonitor Subject ot Denial of Service
> >>>Reported January 5, 1999 by USSRLabs
> >>>
> >>>VERSIONS AFFECTED
> >>>IMail IMonitor
> >>>DESCRIPTION
> >>>
> >>>UssrLabs discovered a denial of service condition in IMail
> >>>IMONITOR Server for WinNT Version 5.08 and possibly other versions as
> well.
> >>>
> >>>A cgi script entitle status.cgi checks to see if the server services are
> >>>running. By executing the script numerous times in a short period of time
> >>>Imonitor will crash citing an "Invalid Memory Address."
> >>>
> >>>VENDOR RESPONSE
> >>>
> >>>IPSwitch has been informed of the issue (tracking number
> >>>IMS2000010500000096) however no fix was available at the time of this
> writing.
> >>>
> >>>CREDITS
> >>>Discovered by USSRLabs
> >>>
> >>>Please visit http://www.ipswitch.com/support/mailing-lists.html
> >>>to be removed from this list.
> >>
> >>Please visit http://www.ipswitch.com/support/mailing-lists.html
> >>to be removed from this list.
> >>
> >
> >--
> >Robert S. Stull
> >Programmer
> >Ipswitch, Inc.
> >http://www.ipswitch.com/
> >--
> >
>
>--
>Robert S. Stull
>Programmer
>Ipswitch, Inc.
>http://www.ipswitch.com/
>--
>Please visit http://www.ipswitch.com/support/mailing-lists.html
>to be removed from this list.
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
