-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 21 Jul 00, at 9:18, Greg Owen wrote:
> No, ORBS is talking about a different thing.
>
> If I want to mailbomb foo.com, and bar.com is running qmail, then I
> can connect to bar.com's mail and say:
>
> mail from: <[EMAIL PROTECTED]> (not me, my victim)
> rcpt to: <[EMAIL PROTECTED]> (presumed not to exist, will bounce)
> rcpt to: <[EMAIL PROTECTED]> (same)
> ... (and so on)
> rcpt to: <[EMAIL PROTECTED]> (same)
> data
> Subject: ha ha ha
>
> Enjoy this DOS
> .
> quit
>
> And qmail will send 26 individual bounce messages, one for each
> nonexistent recipient at bar.com, back to our victim at foo.com.

Where did you get this nonsense from? Please go ahead and test;
qmail will return only ONE bounce message specifying all 26
addresses. (I have tried, just now. Why haven't you?)

The only way for this attack to work is to talk to qmail on a
secondary MX (and have the primary MX generate 26 distinct
bounces), but then the effect of the mailbomb is probably
diminished by the (allegedly) poor line between the secondary and
the primary (why would you care about the secondary, otherwise?).

> I think ORBS is worrying too much, but that's just me.

Yeah, sure. I mean, there are a lot of other DoSes possible. Why
would you care about too-many-emails? Is your computer really
secured against any DoS possible (including DDoS), except
mailbombing?
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60
Comment: http://community.wow.net/grt/qdpgp.html
iQA/AwUBOXhDS1MwP8g7qbw/EQIgZwCfQTI4gwMVLbDzsDTlJcaPJrHWWkUAoOkR
imMdjZjPzZxk9MyMDgC374ID
=g71l
-----END PGP SIGNATURE-----
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
[Tom Waits]
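
An added example, not part of the thread and not qmail's own code: a log summarizer a mail admin could use to check the one-bounce-versus-many question above on their own server, and to flag messages whose many failed recipients bounce back to a single envelope sender. The log lines are constructed and modeled on the qmail-send log format (an assumption); the addresses, function names and threshold are hypothetical.

```python
import re
from collections import defaultdict

def make_sample(n_bad=26):
    """Constructed sample in the style of qmail-send log lines (assumed format)."""
    lines = ["new msg 4101",
             "info msg 4101: bytes 412 from <victim@foo.example> qp 900 uid 71"]
    for i in range(n_bad):
        d = 50 + i
        lines.append(f"starting delivery {d}: msg 4101 to local nouser{i}@bar.example")
        lines.append(f"delivery {d}: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/")
    lines += ["bounce msg 4101 qp 955", "end msg 4101"]
    return lines

INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)>")
START = re.compile(r"starting delivery (\d+): msg (\d+) to (?:local|remote) (\S+)")
RESULT = re.compile(r"delivery (\d+): (success|failure|deferral):")
BOUNCE = re.compile(r"bounce msg (\d+)")

def summarize(lines):
    """Per message id: envelope sender, failed recipients, bounces generated."""
    msgs = defaultdict(lambda: {"sender": None, "failed": [], "bounces": 0})
    delivery = {}  # delivery id -> (message id, recipient)
    for line in lines:
        if m := INFO.search(line):
            msgs[m[1]]["sender"] = m[2]
        elif m := START.search(line):
            delivery[m[1]] = (m[2], m[3])
        elif m := RESULT.search(line):
            msg, rcpt = delivery.pop(m[1], (None, None))
            if msg and m[2] == "failure":
                msgs[msg]["failed"].append(rcpt)
        elif m := BOUNCE.search(line):
            msgs[m[1]]["bounces"] += 1
    return dict(msgs)

def backscatter_suspects(summary, min_failed=10):
    """Messages where many permanently failed recipients bounce to one sender."""
    return {mid: s for mid, s in summary.items()
            if len(s["failed"]) >= min_failed and s["bounces"] > 0}

if __name__ == "__main__":
    for mid, s in backscatter_suspects(summarize(make_sample())).items():
        print(mid, s["sender"], len(s["failed"]), "failed rcpts,",
              s["bounces"], "bounce(s)")
```
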