Bugtraq mailing list archives
Re: mail storm
From: jrvalverde () samba cnb uam es (J.R.Valverde)
Date: Tue, 13 Aug 1996 18:22:37 WET
Rather than subscribing each list to each list they could simply subscribe two or three accounts at a site to about 5000+ lists. I've seen it done (i.e. been victimized by it) and I can assure you that it's quite horrid. Things like ListServ are completely broken and for the most part automatically allow anything and anyone to be subscribed (mind you they make you respond
There are some simple workarounds against this kind of attack. The classic simple solution on LISTSERV was to send an UNSUBSCRIBE /NETWIDE (if I remember well) and get unsubscribed from every list in the world (connected to the LISTSERV hierarchy, that is). Those were the wonderful times of BITNET... Now having lists in an interconnected network of listservers is the exception.

Similarly, as I remember, there were safeguards against bogus subscriptions since old BITNET listservers. With them on, the solution is simple enough: don't do anything: the account fills, messages are returned and the list manager automatically removes you.

Still, many list managers are too old/dummy. Something as simple as a vacation program can save your ass here: just make a 'vacation' file with UNSUBSCRIBE and let every mail get back an unsubscription response. A few variations for special list servers will get you out of most. Human correspondents won't mind too much (especially if you add some clarification in a signature). The few that remain could be canceled by hand.

The point is that it should not be as much of an issue with correctly configured and written list servers. With the wrong ones, that's not a bug (IMHO), but a human error. Still it is a harassment and a burden to fix.

The real problem comes from unknowledgeable schmucks using easily available tools, be it mailbomb scripts or listservers. Much should be done against the first (proper education), but for the second, the only way is to make a nice, foolproof, GUI-oriented, multiplatform list server to offer the ever increasing number of not-formed, not-interested, all-wanting newcomers in search of fast solutions (fast money?) on the Internet.

Still I hardly see this as a bug or how it should be related to UNIX in general or why a general solution should be added to the system (other than said foolproof list-server).

jr