Full Disclosure mailing list archives
RE: [inbox] DoS of Antivir Gateways with huge amount of attatchments with same name
From: "Curt Purdy" <purdy () tecman com>
Date: Thu, 25 Sep 2003 10:32:47 -0500
Yes, very interesting Helmut. In fact this has been an interesting month for email admins with both sobig and swen. Swen hosed up our Postfix server with millions of messages to newsgroups, had to end up manually blocking them. Please keep us abreast of your results when you figure out which AV it was. Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- former White House cybersecurity zar Richard Clarke -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Helmut Hauser Sent: Wednesday, September 24, 2003 12:42 PM To: full-disclosure () lists netsys com Subject: [inbox] [Full-disclosure] DoS of Antivir Gateways with huge amount of attatchments with same name We got an E-Mail yesterday from one of our customers. It had 291 (!) base64 coded attatchments which caused our antivirus gateway to fail. Further investigation of this mail shows that there were saved html pages with all pictures saved seperatly so there were 7 times the same picture(s) in this mail with the same filename(s). We have different Antivirproducts working together and one of them (still canĀ“t figure out which one) has been fooled by the same filename(s) and caused the gateway to fail. Very interesting. Helmut Hauser Systemadministration EDV _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- DoS of Antivir Gateways with huge amount of attatchments with same name Helmut Hauser (Sep 24)
- RE: [inbox] DoS of Antivir Gateways with huge amount of attatchments with same name Curt Purdy (Sep 25)