Bugtraq mailing list archives

Re: mail storm

From: jrvalverde () samba cnb uam es (J.R.Valverde)
Date: Tue, 13 Aug 1996 18:22:37 WET

Rather than subscribing each list to each list they could simply subscribe
two or three accounts at a site to about 5000+ lists. I've seen it done (ie.
been victimized by it) and I can assure you that its quite horrid. Things
like ListServ are completely broken and for the most part automatically
allow anything and anyone to be subscribed (mind you they make you respond

        There are some simple workarounds against these kind of attacks.
The classic simple solution on LISTSERV was to send an UNSUBSCRIBE /NETWIDE
(if I remember well) and get unsubscribed from every list on the world
(connected to the LISTSERV hierarchy, that is).

        Those were the wonderful times of BITNET... Now having lists in an
interconnected network of listservers is the exception. Similarly, as I remember,
there were safeguards against bogus subscriptions since old BITnet listservers.
With them on, the solution is simple enough: don't do anything: the account
fills, messages are returned and the list manager automatically removes you.

        Still, many list managers are too old/dummy. Something as simple as a
vacation program can save your ass here: just make a 'vacation' file with
UNSUBSCRIBE and let every mail get back an unsubscription response. A few
variations for special list servers will get you out of most. Human
correspodents won't mind too much (specially if you add some clarification
in a signature). The few that remain could be canceled by hand.

        The point is that it should not be as much of an issue with correctly
configured and written list servers. With the wrong ones, that's not a bug
(IMHO), but a human error. Still it is a harassment and a burden to fix.

        The real problem comes from unknowledgeable schmucks using easily
available tools, be it mailbomb scripts or listservers. Much should be done
against the firsts (propoer education), but for the seconds, the only way
is to make a nice, foolproof, GUI-oriented, multiplatform list server to
offer the ever increasing number of not-formed, not-interested, all-wanting
newcomers in search of fast solutions (fast money?) on the Internet.

        Still I hardly see this as a bug or how it should be related to
UNIX in general or why a general solution should be added to the system
(other than said foolproof list-server).

                                jr

Current thread:

Re: setuid lp script, (continued)
- - Re: setuid lp script Casper Dik (Aug 15)
  - CERT Advisory CA-96.19 - Vulnerability in expreserve CERT Advisory (Aug 15)
    - IRIX 5.3 and CA-96.19 - Vulnerability in expreserve? Mike Kienenberger (Aug 15)
- Re: mail storm Brett L. Hawn (Aug 13)
  - Re: mail storm John Ladwig (Aug 13)
  - Re: mail storm C. Harald Koch (Aug 13)
  - Re: mail storm Joe Rhett (Aug 13)
  - Re: mail storm Valdis.Kletnieks () vt edu (Aug 13)
  - HP elm exploit Clay Shields (Aug 13)
- Re: mail storm der Mouse (Aug 13)
- Re: mail storm J.R.Valverde (Aug 13)