Bugtraq mailing list archives
Re: mail storm
From: mouse () Holo Rodents Montreal QC CA (der Mouse)
Date: Tue, 13 Aug 1996 09:34:58 -0400
Imagine [someone] is willing to do something disruptive [...] [scheme for siccing mailing lists on one another]
My suspicion is that many machines would be driven up to their "OX" load as defined in sendmail, that others would have no "OX" defined and hence would be driven into the ground, and that many machines would suffer overflowing mail spools - a sizeable number of which would be on root filesystems.
You don't even need very many lists involved. I once saw a case where a user had logins on three machines: user@A, user@B, and user@C. On each machine this user set up a .forward file that delivered locally and forwarded to the other two machines, as in A:~user/.forward (for example) contained \user, user@B, user@C This did not come to my attention until one day I noticed a machine had ground to a halt. This machine did that relatively often; I just rebooted. Shortly thereafter it ground to a halt again; this was unusual enough for me to investigate, and I saw zillions of sendmails. I checked the mail queue and got seriously spammed; I then investigated more and found what the user had done. Two of the three machines were under my control; I blew away the forwarding on those two and let the remaining queues burn themselves out. (This particular incident was not malicious; the user simply had not thought enough to realize that he was creating forwarding loops and worse.) My point is that with only three machines, you can get an exponential explosion bad enough to bring at least the weakest of the three to its knees. Even if you have only three lists, just arrange to subscribe each of them to both of the others, and boom. der Mouse mouse () collatz mcrcim mcgill edu 01 EE 31 F6 BB 0C 34 36 00 F3 7C 5A C1 A0 67 1D
Current thread:
- setuid lp script, (continued)
- setuid lp script Francis Liu (Aug 13)
- Re: setuid lp script Casper Dik (Aug 15)
- CERT Advisory CA-96.19 - Vulnerability in expreserve CERT Advisory (Aug 15)
- IRIX 5.3 and CA-96.19 - Vulnerability in expreserve? Mike Kienenberger (Aug 15)
- Re: mail storm Brett L. Hawn (Aug 13)
- Re: mail storm John Ladwig (Aug 13)
- Re: mail storm C. Harald Koch (Aug 13)
- Re: mail storm Joe Rhett (Aug 13)
- Re: mail storm Valdis.Kletnieks () vt edu (Aug 13)
- HP elm exploit Clay Shields (Aug 13)
- Re: mail storm der Mouse (Aug 13)
- Re: mail storm J.R.Valverde (Aug 13)
- setuid lp script Francis Liu (Aug 13)