Bugtraq mailing list archives
Possible Gauntlet DoS
From: jlalder () FIWC NAVY MIL (Jimmy L. Alderson)
Date: Thu, 24 Jul 1997 10:37:41 -0400
Hello,

I recently had a problem while testing some security strategies on our internal network. The problem in a nutshell was that our Gauntlet firewall bastion host was bouncing all mail originating from inside the firewall. (I'm not sure if it bounced all incoming mail or not; I believe that at a certain point it more than likely did.)

What I did to start this problem was I telnetted to port 25 of our LAN server and sent mail to a non-existent address from a non-existent user, so it would look like this if my user name was really "jimmy":

    mail from: jim () realdoamin com
    ...sender ok
    rcpt to: lkdjf09w4olkjfs9
    ... reciever ok
    data
    quit using a .
    test
    .
    quit
    sending mail now

This caused the server to forward the mail to the bastion host. The bastion host spooled the mail, realized it couldn't send it out and bounced it back to the LAN server. The LAN server said "I don't know no steeenkin jim, he is not a user on my system", and bounced it back to the bastion host... and so on and so on and so on. The filesystem on the bastion host eventually filled up and BOOM, no mo mail.

I am not an expert on the Gauntlet firewall so there may be an option to truncate this; however, I believe that it sees all new mail as just that, new mail, no matter how many times it has been processed before. If this is true it would be really easy for someone from inside a network to accomplish this.

Jimmy Lee Alderson
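The loop described in the post, and the standard SMTP guard against it, as an added example that is not part of the original post and does not model Gauntlet's actual code: bounces are sent with a null envelope sender (`MAIL FROM:<>`), and a message with a null sender is never bounced in turn. The host names `lan`, `bastion` and `outside`, the mailbox tables and the `mailer-daemon` addresses are constructed assumptions.

```python
from collections import deque

# Constructed mailbox tables: "jim" exists nowhere, as in the post, and the
# daemon addresses are assumed not to be deliverable mailboxes either.
LOCAL = {"lan": {"jimmy"}, "bastion": set()}
PEER = {"lan": "bastion", "bastion": "lan"}


def simulate(null_sender_rule, limit=200):
    """Return how many messages the bastion handles before the queue drains.

    `limit` stands in for the spool filesystem filling up.
    """
    # (host holding the message, envelope sender, envelope recipient)
    queue = deque([("lan", "jim@lan", "lkdjf09w4olkjfs9@outside")])
    spooled = 0
    while queue and spooled < limit:
        host, sender, rcpt = queue.popleft()
        if host == "bastion":
            spooled += 1
        user, domain = rcpt.split("@")
        if domain == host:
            if user in LOCAL[host]:
                continue  # delivered to a real mailbox
        elif not (host == "bastion" and domain == "outside"):
            queue.append((PEER[host], sender, rcpt))  # relay to the other host
            continue
        # Undeliverable on this host: decide whether to send a bounce.
        if sender == "":
            # Null reverse-path: this is itself a bounce, so do not bounce it.
            # (Real MTAs usually hand it to a local postmaster mailbox.)
            continue
        # Without the rule, the bounce looks like ordinary new mail.
        bounce_from = "" if null_sender_rule else f"mailer-daemon@{host}"
        queue.append((host, bounce_from, sender))
    return spooled


if __name__ == "__main__":
    print("bounce treated as new mail:", simulate(False))
    print("null-sender rule enforced: ", simulate(True))
```

Without the rule the count always reaches `limit`; with it the bastion handles the original message and one bounce, then the queue is empty.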