Re: Check out E-Mail Problem Creates Message Flood - AOL News
Several years ago a company I worked at saw their e-mail system get hit with a similar (non-)attack. An executive went on vacation and set the out-of-office reply to respond to reply-all. Couple that with a few more people out of the office, and it did not take long to bring the company's network to a complete standstill. Took the e-mail admins most of the day to purge inboxes and disable e-mail accounts. Then got the CIO to send a memo about how to use out of office e-mail functions.

On Fri, 5 Oct 2007 00:55:59 -0400, Robert A. Rosenberg [EMAIL PROTECTED] wrote:

> At 23:02 -0400 on 10/04/2007, Ed Finnell wrote about Check out E-Mail Problem Creates Message Flood - AOL News:
>
>> _E-Mail Problem Creates Message Flood - AOL News_ (http://news.aol.com/story/_a/e-mail-problem-creates-message-flood/20071004120009990001?ncid=NWS00010 1)
>>
>> Sometimes you just have to hang your head and laugh
>
> Although the article does not explain what went wrong (just that he tried to send a reply) I'd guess that the original message was sent with the FROM (or SENDER) set to the list address not to a List Administrator address. Thus any reply would go to the list for echoing to all the subscribers. In addition, the list would seem to be of an Announce-Only type where only the Administrator should be able to submit but seems to allow anyone to submit (a bad idea for that type of list given its purpose).

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Check out E-Mail Problem Creates Message Flood - AOL News
In a message dated 10/5/2007 2:16:43 P.M. Central Daylight Time, [EMAIL PROTECTED] writes:

> Several years ago a company I worked at saw their e-mail system get hit with a similar (non-)attack. An executive went on vacation and set the out-of-office reply to respond to reply-all. Couple that with a few

Wasn't the original Christmas Worm on VM an OoO attempt?
Re: Check out E-Mail Problem Creates Message Flood - AOL News
On Fri, 5 Oct 2007 14:16:06 -0500, Matthew Stitt wrote:

> Several years ago a company I worked at saw their e-mail system get hit with a similar (non-)attack. An executive went on vacation and set the out-of-office reply to respond to reply-all. Couple that with a few more people out of the office, and it did not take long to bring the

Why would a MUA ever be designed to allow sending an OoO message via Reply All? (I can imagine some rationale, but it doesn't balance the risk.)

-- gil
Re: Check out E-Mail Problem Creates Message Flood - AOL News
On Fri, 5 Oct 2007 15:13:22 -0500, Paul Gilmartin [EMAIL PROTECTED] wrote:

> ...
> Why would a MUA ever be designed to allow sending an OoO message via Reply All?
> ...

Designed? You're making a rash assumption.

Pat O'Keefe
Re: Check out E-Mail Problem Creates Message Flood - AOL News
At 15:45 -0400 on 10/05/2007, Ed Finnell wrote about Re: Check out E-Mail Problem Creates Message Flood - AOL Ne:

> Wasn't the original Christmas Worm on VM an OoO attempt?

If I remember correctly it was. User 1 had scheduled a message (I think it was a large message he wanted to get sent/delivered when the load on the network was lower by delaying its transmission until the Weekend) to get sent after he left on vacation as well as setting up an OoO reply daemon. When the scheduled message finally got sent, the recipient had an OoO bot of his own on his account. The message got rejected/reflected back to the original sender along with a separate OoO reply message (thus there were 2 messages in flight back to the original sender). These messages each triggered a rejection and OoO set (thus upping the in-flight count heading to the original recipient to 4). Each Bounce doubled the number of messages going back and forth until the system was brought to its knees and an Administrator had to fix the problem (the next Monday).
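Added example, not part of any poster's message: the guard checks an out-of-office responder can apply so that neither the reply-all storm nor the bot-to-bot doubling described in this thread can start. The checks follow RFC 3834; the function names, addresses and sample message are constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

LIST_HEADERS = ("List-Id", "List-Post", "List-Unsubscribe")
ROBOT_LOCALPARTS = ("mailer-daemon", "postmaster", "listserv", "majordomo")

def auto_reply_target(raw, already_replied):
    """Return the one address an out-of-office reply may go to, or None."""
    msg = message_from_string(raw)
    # 1. Never answer a message that is itself automatic (RFC 3834).
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    if auto != "no":
        return None
    # 2. Never answer mailing-list or bulk traffic.
    if any(h in msg for h in LIST_HEADERS):
        return None
    if msg.get("Precedence", "").strip().lower() in ("bulk", "list", "junk"):
        return None
    # 3. Reply to the envelope sender only; To/Cc are ignored (no reply-all).
    sender = parseaddr(msg.get("Return-Path", ""))[1].lower()
    if not sender:  # null return path "<>" marks a bounce
        return None
    local = sender.split("@")[0]
    if local in ROBOT_LOCALPARTS or local.endswith("-request"):
        return None
    # 4. At most one reply per sender for this absence.
    if sender in already_replied:
        return None
    already_replied.add(sender)
    return sender

def build_auto_reply(me, target, text):
    """Build the reply, labelled so that a peer responder stays silent."""
    reply = EmailMessage()
    reply["From"] = me
    reply["To"] = target
    reply["Subject"] = "Out of office"
    reply["Auto-Submitted"] = "auto-replied"
    reply.set_content(text)
    return reply

# Constructed sample: a person writes to the executive and copies all staff.
HUMAN_MAIL = (
    "Return-Path: <alice@example.com>\n"
    "From: Alice <alice@example.com>\n"
    "To: exec@example.com\n"
    "Cc: all-staff@example.com\n"
    "Subject: Q3 numbers\n\nSee attached.\n"
)
```

The reply should also be handed to the mail server with a null envelope sender, so that any bounce it causes has nowhere to go.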
Re: Check out E-Mail Problem Creates Message Flood - AOL News
At 0:55 -0400 on 10/05/2007, Robert A. Rosenberg wrote about Re: Check out E-Mail Problem Creates Message Flood - AOL Ne:

> At 23:02 -0400 on 10/04/2007, Ed Finnell wrote about Check out E-Mail Problem Creates Message Flood - AOL News:
>
>> _E-Mail Problem Creates Message Flood - AOL News_ (http://news.aol.com/story/_a/e-mail-problem-creates-message-flood/20071004120009990001?ncid=NWS00010 1)
>>
>> Sometimes you just have to hang your head and laugh
>
> Although the article does not explain what went wrong (just that he tried to send a reply) I'd guess that the original message was sent with the FROM (or SENDER) set to the list address not to a List Administrator address. Thus any reply would go to the list for echoing to all the subscribers. In addition, the list would seem to be of an Announce-Only type where only the Administrator should be able to submit but seems to allow anyone to submit (a bad idea for that type of list given its purpose).

It looks like I analyzed the cause correctly. Here is a comment as reported in a SANS Institute news article on the incident:

"The error could cause big trouble if a hacker sent a bad e-mail attachment with a zero-day security vulnerability to nail a few dozen gullible security professionals," Marcus Sachs wrote in the SANS diary, which documents security incidents. "If you maintain a broadcast mailing list, make sure that the address will not reflect e-mail from sources other than the owner of the list," Sachs wrote. "Otherwise, you will become a training example for SANS."
Re: Check out E-Mail Problem Creates Message Flood - AOL News
At 23:02 -0400 on 10/04/2007, Ed Finnell wrote about Check out E-Mail Problem Creates Message Flood - AOL News:

> _E-Mail Problem Creates Message Flood - AOL News_ (http://news.aol.com/story/_a/e-mail-problem-creates-message-flood/20071004120009990001?ncid=NWS00010 1)
>
> Sometimes you just have to hang your head and laugh

Although the article does not explain what went wrong (just that he tried to send a reply) I'd guess that the original message was sent with the FROM (or SENDER) set to the list address not to a List Administrator address. Thus any reply would go to the list for echoing to all the subscribers. In addition, the list would seem to be of an Announce-Only type where only the Administrator should be able to submit but seems to allow anyone to submit (a bad idea for that type of list given its purpose).