Re: Stupid crackers exploiting stupid users

[chowes () helix net (Charles Howes)]

On Tue, 25 Oct 1994, pluvius wrote:

> > > I'm sending a copy to root () sfu ca so that (a) vanepp probably gets it,
> > > and (b) if vanepp's mail is being stolen somehow that I can't see
> > > through VRFY and EXPN, the other roots there can deal with it.
> >
> > The cracker just wants to mailbomb vanepp.  He's done it before, he'll
> > do it again.  Just not from *my* site, if I have anything to say about
> > it.
> >
> > Does ANYBODY have any code that will limit the number of messages a
> > single user can send per day??  Or any other code to detect mail
> > bombs?  Sending 5 identical messages to different addresses?  (Or the
> > same address, for that matter..)
>
>  oh that's grand, you want to hack telnet so that it checks the 
> destination port and after x numbers of connects to a smtp port it sais
> "sorry, you can't send any more mail".
>  a hell of a lot better solution is to get affected sites to install 
> sendmail 8.6.9 because the brialliant crackers who are doing this are 
> clearly too inept to spoof identd - i'm sure a 'helo user@host' will give 
> them the willies and get them to lay off

Well, the problem with printing that info is that it allows them to
try different things until they've spoofed it.  They'll know that
they've spoofed it.

It's like exploit scripts; you won't know if you've fixed the hole
until the exploit script stops working.  (Bad analogy: you may have
only shrunk or moved the hole; sendmail will absolutely confirm or
deny whether you made it through.)

--
Charles Howes -- chowes () helix net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971