Bugtraq mailing list archives
Re: mail storm
From: hamors () LITTERBOX ORG (Sean B. Hamor)
Date: Tue, 13 Aug 1996 20:04:56 -0400
On Tue, 13 Aug 1996, Roy Leonard wrote: # list software may well be capable of stopping this. But surely it would be # easier for the hacker to subscribe his enemy to N mailing lists? Is there # any solution to this? Or do you simply hope that your users are friends This is exactly what happened at newhackcity.net. Someone decided to take revenge upon one of my users, and forged a subscription request from newhackcity.net to the Netcom listserver. Fortunately, this forged subscription request raised a red flag at Netcom (after all, who asks to be subscribed to 2,000+ mailing lists in a single request?) and bounced back to newhackcity.net, headers intact. After figuring out exactly why I received this bounced back message, it was trivial tracking down the forger. At least this shows that some listserv software protects against multiple subscription requests in a single message. Nothing is foolproof...fools are just too damn ingenious... pub 2047/59209F85 1996/07/26 Sean B. Hamor <hamors () litterbox org> Key fingerprint = 85 DB 78 DB F8 C5 82 32 50 39 D0 53 B6 80 D7 CF http://www.litterbox.org/~hamors/
Current thread:
- Re: mail storm Roy Leonard (Aug 13)
- Re: mail storm zero cool (Aug 13)
- Re: mail storm Pete Ashdown (Aug 13)
- Re: mail storm Sean B. Hamor (Aug 13)
- setuid lp script Francis Liu (Aug 13)
- Re: setuid lp script Casper Dik (Aug 15)
- CERT Advisory CA-96.19 - Vulnerability in expreserve CERT Advisory (Aug 15)
- IRIX 5.3 and CA-96.19 - Vulnerability in expreserve? Mike Kienenberger (Aug 15)
- <Possible follow-ups>
- Re: mail storm Brett L. Hawn (Aug 13)
- Re: mail storm John Ladwig (Aug 13)
- Re: mail storm C. Harald Koch (Aug 13)
- Re: mail storm Joe Rhett (Aug 13)
- Re: mail storm Valdis.Kletnieks () vt edu (Aug 13)
- HP elm exploit Clay Shields (Aug 13)
(Thread continues...)