Bugtraq mailing list archives
Re: mail storm
From: blh () NOL NET (Brett L. Hawn)
Date: Tue, 13 Aug 1996 07:01:33 -0500
Rather than subscribing each list to each list they could simply subscribe two or three accounts at a site to about 5000+ lists. I've seen it done (ie. been victimized by it) and I can assure you that its quite horrid. Things like ListServ are completely broken and for the most part automatically allow anything and anyone to be subscribed (mind you they make you respond with some sort of moronic OK <code> code to unsubscribe). My old account, our root account, and several other accounts were subscribed to some 5000 lists (I used to have a file containing the name of each one but lost it while cleaning one day) and even w/ an OX set it will still bog your machine(s) down to the point of unusability. We ended up putting filters on port 25 for about some 200 IPs at the cisco for quite some time before we could manage to get ourselves off most of the lists. This was some 4 months ago and we *still* haven't gotten off all of them. Suggestions: 1: *ALL* mail list programs should be designed/configured to *not* allow root@* to subscribe, anyone who does daily tasks as root is a complete idiot anyway (imho) 2: *ALL* mail list programs should be checked regularly for glitches, etc. (it took 6 calls to Missouri.edu and us bouncing all the mail list crap we got back to root () missouri edu, and 5 weeks before those *&^%ing twits would overide the settings and remove us from the list (apparently the ListServ thought we weren't on the list when we tried to unsubscribe yet kept sending us list mail)) 3: If all else fails, learn your filters, it saved our butts in a big way, and it may save yours. The program (script) used to do this to us has been floating around in recent times and it would appear that quite a few little 'wannabes' have it now (just like the spoofing synflooder) and I have no doubt that attacks like this will be on the rise. [-] Brett L. Hawn (blh () nol net) [-] [-] Networks On-Line - Houston, Texas [-] [-] 713-467-7100 [-]
Current thread:
- Re: mail storm Roy Leonard (Aug 13)
- Re: mail storm zero cool (Aug 13)
- Re: mail storm Pete Ashdown (Aug 13)
- Re: mail storm Sean B. Hamor (Aug 13)
- setuid lp script Francis Liu (Aug 13)
- Re: setuid lp script Casper Dik (Aug 15)
- CERT Advisory CA-96.19 - Vulnerability in expreserve CERT Advisory (Aug 15)
- IRIX 5.3 and CA-96.19 - Vulnerability in expreserve? Mike Kienenberger (Aug 15)
- <Possible follow-ups>
- Re: mail storm Brett L. Hawn (Aug 13)
- Re: mail storm John Ladwig (Aug 13)
- Re: mail storm C. Harald Koch (Aug 13)
- Re: mail storm Joe Rhett (Aug 13)
- Re: mail storm Valdis.Kletnieks () vt edu (Aug 13)
- HP elm exploit Clay Shields (Aug 13)
- Re: mail storm der Mouse (Aug 13)
- Re: mail storm J.R.Valverde (Aug 13)