Bugtraq mailing list archives
Re: News DoS using sendsys
From: sgifford () tir com (Scott Gifford)
Date: Wed, 26 Aug 1998 18:06:09 -0400
I think we (a local ISP in Augsburg/Germany ...) are hit by an DoS that wasn't described here before: Our newsserver (INN) all of a sudden gets several 100 'sendsys' requests per day. The addresses of the people requesting the sendsys seem to be completely random. They all seem to be normal user-accounts. We see these sendsys requests for about a week now.
Yeah, this happened to us last week, only with many more than 100. We had sendsys mailing us, and it *still* killed our server from all the mail and shlock processes. We changed it to drop and killed off all of the processes currently dealing with sendsys, and the problem went away. There are supposed to be some options in Cleanfeed 0.95.7 and newer to deal with this, as well as other nasty INN tricks. You can download it from: http://www.exit109.com/~jeremy/cleanfeed.html ftp://ftp.exit109.com/users/jeremy/ -------Scott.
Current thread:
- Re: News DoS using sendsys Forrest J. Cavalier III (Aug 26)
- <Possible follow-ups>
- Re: News DoS using sendsys Scott Gifford (Aug 26)
- Re: News DoS using sendsys Russ Allbery (Aug 26)
- Re: News DoS using sendsys Andrew V. Kovalev (Aug 27)
- Re: News DoS using sendsys Charlesw (Aug 27)
- Re: News DoS using sendsys David Shaw (Aug 27)
- SV: SV: Serious Security Hole in Hotmail (URL to sourcecode) Jonathan James (Aug 27)
- Re: News DoS using sendsys Julian Cowley (Aug 27)
- Re: News DoS using sendsys Russ Allbery (Aug 27)
- Seyon Security Vulnerability SGI Security Coordinator (Aug 27)
- Re: Seyon Security Vulnerability Alan Cox (Aug 27)
- SECURITY: new nfs-server packages available (fwd) Alan Cox (Aug 27)
- Re: News DoS using sendsys Andrew V. Kovalev (Aug 27)
(Thread continues...)