Penetration Testing mailing list archives

Re: Mail Server testing


From: "Volker Tanger" <volker.tanger () discon de>
Date: Wed, 14 May 2003 10:22:23 +0200

Greetings!

On 13 May 2003 08:35:25 +0200 Nicolas Gregoire <ngregoire () exaprobe com>
wrote:

On Mon, 2003-05-12 at 05:39, per () same net wrote:

* Zip-Of-Death. Make one huge (a couple of gigabytes) file and fill
it with homogenous data, for instance only the character "a". Zip
it. This will construct a file that says "this file consists of
10(8) a:s" that is very small. Most modern mail content systems
handle this today, some older might not.

You should take a look at a file known as 42.zip:
      http://www.securityfocus.com/bid/3027/exploit/

"42.zip: ZIP archive, 42K, composed of nested zips (nested 6 levels
deep, each level 17 wide) - produces a file 4GB in size and will
reportedly crash 'most email virus checkers'"


16 items each (not 17), 6 levels = 16^6 - giving 4 TB (TeraByte), not
smallish Giga's...  ;-)

For Trend InterScan VirusWall solved in 2001/2002 - now it seems Trend
unpacks the archive one file at a time instead of unpacking all. Before
Trend unpacked all. When that filled the disk, it removed the temp file
and started over, effectively blocking one scanning thread. To block the
Trend ISVW you'd have to send (quite) a number of those Monster42.ZIPs
all simultaneously.

Bye

Volker Tanger

IT-Security
discon gmbh
DeTeWe AG & Co. KG

Fon +49 30 6104-3307
Fax +49 30 6104-3435
http://www.detewe.de/
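
The behaviour described in the message above (unpacking one member at a time rather than the whole archive) can be combined with a single expansion budget shared across all nesting levels. The following is an added example, not code from the thread or from any vendor; `scan_zip`, `build_sample` and the limits are hypothetical names and values, and the sample archive is constructed in memory at a deliberately small size.

```python
import io
import zipfile

class ArchiveBudgetExceeded(Exception):
    """Raised when an archive would expand past the configured limits."""

def scan_zip(data, max_total=1 << 20, max_depth=3, max_members=1000, chunk=64 * 1024):
    """Walk a ZIP and any nested ZIPs one member at a time, in memory.
    One byte budget covers every level. Returns (members, bytes_decompressed)."""
    seen = {"members": 0, "bytes": 0}

    def walk(blob, depth):
        if depth > max_depth:
            raise ArchiveBudgetExceeded(f"nested deeper than {max_depth} levels")
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                seen["members"] += 1
                if seen["members"] > max_members:
                    raise ArchiveBudgetExceeded(f"more than {max_members} members")
                buf = bytearray()
                with zf.open(info) as member:
                    # Count bytes as they leave the decompressor instead of
                    # trusting the size declared in the archive header.
                    while piece := member.read(chunk):
                        seen["bytes"] += len(piece)
                        if seen["bytes"] > max_total:
                            raise ArchiveBudgetExceeded(f"expands past {max_total} bytes")
                        buf += piece
                # Recurse only after this member is fully accounted for.
                if zipfile.is_zipfile(io.BytesIO(buf)):
                    walk(bytes(buf), depth + 1)

    walk(data, 1)
    return seen["members"], seen["bytes"]

def build_sample(width=4, levels=2, leaf_size=256 * 1024):
    """Constructed test input: `levels` layers of ZIPs, `width` entries each."""
    blob, ext = b"a" * leaf_size, "txt"
    for _ in range(levels):
        out = io.BytesIO()
        with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
            for i in range(width):
                zf.writestr(f"{i}.{ext}", blob)
        blob, ext = out.getvalue(), "zip"
    return blob

if __name__ == "__main__":
    sample = build_sample()
    print(len(sample), "bytes on the wire")
    print(scan_zip(sample, max_total=8 << 20))
```

Because the budget is global rather than per member, the scan aborts as soon as the running total crosses the limit, so a scanning worker is released instead of filling temporary storage and starting over.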
