On 04-Jan-99 15:27:24, Vince Vielhaber wrote something about "Re: Fw: Anonymous
Qmail Denial of Service". I just couldn't help replying to it, thus:
> On Mon, 4 Jan 1999, Vince Vielhaber wrote:

>> So it seems that if/when the admin sees all the qmail-queue's running,
                                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> Following up to my own, I don't know what I missed last time,

   The kill command?

> but I just tried it again and it left files of 0 length as advertised:

> -rw-r--r--  1 qmailq  qmail     0 Jan  4 09:15 ./mess/10/224720

> But how many would it take for DoS?  Use up all the inodes?

   Yes, inodes or more generally, some kind of disk resource. A 'df -i' shows
that our queue disk (tiny 2 GB thing ;-) has less than half a million free
inodes. That is few enough to make it feasible to try running the queue disk
out of inodes. If you can create 10 per second, it would take a bit more than
half a day to halt the mail system. How many would notice until the disaster
is a reality?

   However, the interesting thing here is not the DoS itself, but the problem
that you don't know who to point the gun at afterwards.

> Still no mail would be lost AFAICT.

   Not by qmail, but what about all those broken MUA's that don't check the
exit code of /usr/somewhere/sendmail or /var/qmail/bin/qmail-inject?

Regards,

/ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻTŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ\
| Rask Ingemann Lambertsen     | [EMAIL PROTECTED] |
| Registered Phase5 developer  | WWW: http://www.gbar.dtu.dk/~c948374/   |
| A4000, 775 kkeys/s (RC5-64)  | "ThrustMe" on XPilot and EFnet IRC      |
|   Life starts at '030, fun starts at '040, impotence starts at '86.    |
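
As an added example (not part of the original message and not qmail's own code), here is a small shell monitor for the condition discussed in this thread: it counts zero-length files under the queue's mess/ directory and estimates the time to inode exhaustion from `df -i` output. The queue path, alert threshold and file-creation rate are caller-supplied assumptions, and the `df` column layout assumed is that of GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original message): watch a qmail queue for the
# two symptoms discussed above, zero-length files under mess/ and shrinking
# inode headroom. Queue path and threshold are caller-supplied assumptions.

# Count zero-length regular files below a directory (e.g. <queue>/mess).
count_empty_files() {
    find "$1" -type f -size 0 2>/dev/null | wc -l | tr -d ' '
}

# Free inodes on the filesystem holding $1. Assumes a df that accepts -i
# together with -P (GNU coreutils); column 4 is IFree there.
free_inodes() {
    df -Pi "$1" | awk 'NR == 2 { print $4 }'
}

# Seconds until $1 free inodes are gone at $2 new files per second.
# Prints -1 when the rate is zero or negative (no exhaustion in sight).
seconds_to_exhaustion() {
    if [ "$2" -le 0 ]; then echo -1; else echo $(( $1 / $2 )); fi
}

# Report on one queue; return 1 when empty files exceed the threshold.
# A message still being written may briefly be empty (assumption), so
# compare against a threshold instead of alerting on a single file.
check_queue() {
    queue=$1 threshold=$2 rate=$3
    empty=$(count_empty_files "$queue/mess")
    free=$(free_inodes "$queue")
    eta=$(seconds_to_exhaustion "$free" "$rate")
    echo "queue=$queue empty_files=$empty free_inodes=$free eta_seconds=$eta"
    [ "$empty" -le "$threshold" ]
}

# Usage: sh queuewatch.sh <queue-dir> <max-empty-files> <files-per-second>
if [ $# -eq 3 ]; then
    check_queue "$1" "$2" "$3"
fi
```

Run from cron, a non-zero exit status gives an early signal well before the half-day window estimated above closes.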
