Bugtraq mailing list archives
Re: Stupid crackers exploiting stupid users
From: chowes () helix net (Charles Howes)
Date: Wed, 26 Oct 1994 05:29:03 -0700 (PDT)
On Tue, 25 Oct 1994, pluvius wrote:
> > I'm sending a copy to root () sfu ca so that (a) vanepp probably gets it, and (b) if vanepp's mail is being stolen somehow that I can't see through VRFY and EXPN, the other roots there can deal with it.
> >
> > The cracker just wants to mailbomb vanepp. He's done it before, he'll do it again. Just not from *my* site, if I have anything to say about it. Does ANYBODY have any code that will limit the number of messages a single user can send per day?? Or any other code to detect mail bombs? Sending 5 identical messages to different addresses? (Or the same address, for that matter..)
>
> oh that's grand, you want to hack telnet so that it checks the destination port and after x numbers of connects to a smtp port it says "sorry, you can't send any more mail". a hell of a lot better solution is to get affected sites to install sendmail 8.6.9 because the brilliant crackers who are doing this are clearly too inept to spoof identd - i'm sure a 'helo user@host' will give them the willies and get them to lay off

Well, the problem with printing that info is that it allows them to try different things until they've spoofed it. They'll know that they've spoofed it. It's like exploit scripts; you won't know if you've fixed the hole until the exploit script stops working. (Bad analogy: you may have only shrunk or moved the hole; sendmail will absolutely confirm or deny whether you made it through.)

--
Charles Howes -- chowes () helix net
Always tell the truth, then you make it the other bloke's problem! - Sean Connery, 1971
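The two checks asked for in the quoted message (a per-sender daily cap and a flag for five identical messages) can be sketched as follows. This is an added example, not code from anyone in the thread; the record layout, the addresses and the daily limit of 20 are assumptions, and it presumes the site's mail transfer agent logs every submission, which does not cover a user who connects to a remote SMTP port directly.

```python
import hashlib
from collections import Counter, defaultdict

DAILY_LIMIT = 20      # assumed per-sender cap; the thread names no number
DUPLICATE_LIMIT = 5   # "5 identical messages", as in the quoted message

# Constructed sample records: (sender, recipient, day, body)
SAMPLE = [("bomber@site.example", f"victim{i % 2}@target.example",
           "1994-10-26", "You  lose\n" if i % 2 else "you lose")
          for i in range(5)]
SAMPLE += [
    ("alice@site.example", "bob@target.example", "1994-10-26", "lunch?"),
    ("alice@site.example", "carol@target.example", "1994-10-26", "notes attached"),
]


def body_digest(body):
    """Hash a case-folded, whitespace-normalised body so trivial edits still match."""
    normalised = " ".join(body.split()).lower()
    return hashlib.sha256(normalised.encode()).hexdigest()


def check_queue(records, daily_limit=DAILY_LIMIT, dup_limit=DUPLICATE_LIMIT):
    """Return alerts in the order they fire; each condition fires once per sender."""
    sent_per_day = Counter()      # (sender, day) -> messages seen
    copies = defaultdict(list)    # (sender, body digest) -> recipients
    alerts = []
    for sender, rcpt, day, body in records:
        sent_per_day[(sender, day)] += 1
        # Fire on the first message past the cap, not on every later one.
        if sent_per_day[(sender, day)] == daily_limit + 1:
            alerts.append(("over_daily_limit", sender, day))
        key = (sender, body_digest(body))
        copies[key].append(rcpt)
        # Same or different addresses both count, as the message asks.
        if len(copies[key]) == dup_limit:
            alerts.append(("identical_copies", sender,
                           tuple(sorted(set(copies[key])))))
    return alerts


if __name__ == "__main__":
    for alert in check_queue(SAMPLE):
        print(alert)
```
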