Bugtraq mailing list archives

Re: News DoS using sendsys


From: fifi () CAM ORG (Guezou Philippe)
Date: Wed, 26 Aug 1998 14:04:28 -0400


We noticed the same problem/attack a few weeks ago. We were flooded by
newsfeed requests from single users. We were receiving these mails at a
rate of 30/40 per minute for 5 days.
Our news server has the same configuration as Walter Hafner's, concerning
execution of control messages.

We were unable to find the guy who issued these attacks.

Guezou Philippe                                         fifi () cam org
Net. System. Admin.

On Wed, 26 Aug 1998, Walter Hafner wrote:

I think we (a local ISP in Augsburg/Germany ...) are hit by a DoS that
wasn't described here before:

Our newsserver (INN) all of a sudden gets several 100 'sendsys' requests
per day. The addresses of the people requesting the sendsys seem to be
completely random. They all seem to be normal user-accounts. We have been
seeing these sendsys requests for about a week now.

Fortunately, this DoS is very easy to stop: Just make sure that the
Newsserver doesn't reply to a 'sendsys' automatically.

BTW, I think that this attitude is the default one.

-Walter
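
The following is an added example, not part of either poster's message: a small audit that reports which information-request control messages (sendsys, senduuname, version) an INN server would answer automatically for an arbitrary sender. It assumes the server's policy lives in INN's control.ctl file as `type:from:newsgroups:action` lines where the last matching line wins; the sample file and addresses are constructed, and Python's `fnmatch` stands in for INN's wildmat matching.

```python
import fnmatch

# Constructed sample control.ctl (INN format: type:from:newsgroups:action).
SAMPLE_CONTROL_CTL = """\
# default for every control message type
all:*:*:mail
sendsys:*:*:doit
sendsys:news@feed.example.net:*:doit
senduuname:*:*:log=miscctl
version:*:*:doit=miscctl
newgroup:*:comp.*:mail
"""

INFO_REQUESTS = ("sendsys", "senduuname", "version")


def parse_control_ctl(text):
    """Return (lineno, type, from_pattern, newsgroups, action) for each rule."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no policy
        fields = line.split(":", 3)
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected 4 colon-separated fields")
        rules.append((lineno, *fields))
    return rules


def effective_action(rules, msg_type, sender):
    """Return (lineno, action) of the last rule matching this type and sender."""
    chosen = None
    for lineno, rtype, pattern, _groups, action in rules:
        if rtype in ("all", msg_type) and fnmatch.fnmatchcase(sender.lower(), pattern.lower()):
            chosen = (lineno, action)  # later lines override earlier ones
    return chosen


def auto_reply_findings(rules, sender="someone@random.example"):
    """List request types that an arbitrary sender can trigger automatically."""
    findings = []
    for msg_type in INFO_REQUESTS:
        match = effective_action(rules, msg_type, sender)
        # "doit" and "doit=<logfile>" both execute the request without review.
        if match and match[1].split("=", 1)[0] == "doit":
            findings.append((msg_type, match[0], match[1]))
    return findings
```

On the constructed sample this flags the `sendsys` and `version` lines; changing their action to `log` or `mail` clears the findings while a per-sender `doit` entry for a known feed still takes effect.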


