Bugtraq mailing list archives
mail storm
From: strombrg () HYDRA ACS UCI EDU (Dan Stromberg)
Date: Mon, 12 Aug 1996 17:56:43 -0700
This almost has to have been discussed before, but I don't recall seeing it anywhere.

Imagine a hacker really doesn't like someone, and is willing to do something disruptive to a lot of other people to spite that one person. Or imagine that they just want to do something very disruptive.

Imagine the hacker picks 2n mailing lists, subscribing the i'th to the (i+n)th and the (i+n)th to the i'th, subscribing that person they really don't like to the 0..n-1'th, and finally, forging one message to each of the 0..n-1'th.

Some (all? Doesn't seem likely from here) mailing list software would probably figure it out, but enough of them wouldn't that I suspect there'd be a nasty "e-mail storm" - an exponential growth of e-mail, analogous to the growth seen in a "broadcast storm".

Hop count limits might curtail the effect, after a point - tho there may also be ways around this...

My suspicion is that many machines would be driven up to their "OX" load as defined in sendmail, that others would have no "OX" defined and hence would be driven into the ground, and that many machines would suffer overflowing mail spools - a sizeable number of which would be on root filesystems.

It almost seems like a substantial segment of the internet could be trashed with something like this.

Comments?
[Attachment: treatise_locks.html, from http://www.deter.com/unix/treatise_locks.html]

Rudimentary Treatise on the Construction of Locks, 1853 (excerpt)
-- Charles Tomlinson

A commercial, and in some respects a social, doubt has been started within the last year or two, whether or not it is right to discuss so openly the security or insecurity of locks. Many well-meaning persons suppose that the discussion respecting the means for baffling the supposed safety of locks offers a premium for dishonesty, by showing others how to be dishonest. This is a fallacy. Rogues are very keen in their profession, and already know much more than we can teach them respecting their several kinds of roguery. Rogues knew a good deal about lockpicking long before locksmiths discussed it among themselves, as they have lately done. If a lock -- let it have been made in whatever country, or by whatever maker -- is not so inviolable as it has hitherto been deemed to be, surely it is in the interest of *honest* persons to know this fact, because the *dishonest* are tolerably certain to be the first to apply the knowledge practically; and the spread of knowledge is necessary to give fair play to those who might suffer by ignorance. It cannot be too earnestly urged, that an acquaintance with real facts will, in the end, be better for all parties.

Some time ago, when the reading public was alarmed at being told how London milk is adulterated, timid persons deprecated the exposure, on the plea that it would give instructions in the art of adulterating milk; a vain fear -- milkmen knew all about it before, whether they practiced it or not; and the exposure only taught purchasers the necessity of a little scrutiny and caution, leaving them to obey this necessity or not, as they pleased. ...The unscrupulous have the command of much of this kind of knowledge without our aid; and there is moral and commercial justice in placing on their guard those who might possibly suffer therefrom. We employ these stray expressions concerning adulteration, debasement, roguery, and so forth, simply as a mode of illustrating a principle -- the advantage of publicity. In respect to lock-making, there can scarcely be such a thing as dishonesty of intention: the inventor produces a lock which he honestly thinks will possess such and such qualities; and he declares his belief to the world. If others differ from him in opinion concerning those qualities, it is open to them to say so; and the discussion, truthfully conducted, must lead to public advantage: the discussion stimulates curiosity, and curiosity stimulates invention. Nothing but a partial and limited view of the question could lead to the opinion that harm can result: if there be harm, it will be much more than counterbalanced by good.
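Added example, not part of the original post: the kind of check the post supposes some mailing list software performs, together with the hop count limit it mentions, sketched as a list server's inbound filter. The X-Loop and Precedence header conventions, the limit of 25, the function names and the example.org addresses are assumptions of this example, and the sample message is constructed.

```python
from email import message_from_string

MAX_HOPS = 25  # assumed hop limit; align it with the MTA's own setting

# Constructed sample: an ordinary post from a person to list-a.
SAMPLE = (
    "Received: from host.example by mx.example; Mon, 12 Aug 1996 17:00:00 -0700\n"
    "From: poster@example.org\n"
    "To: list-a@example.org\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

def check_inbound(raw, list_addr, max_hops=MAX_HOPS):
    """Return 'accept', 'hold' or 'reject' for a message posted to list_addr."""
    msg = message_from_string(raw)
    # Each relay prepends one Received: header, so their count is the hop count.
    if len(msg.get_all("Received", [])) > max_hops:
        return "reject"
    seen_by = {v.strip().lower() for v in msg.get_all("X-Loop", [])}
    if list_addr.lower() in seen_by:
        return "reject"  # this list has already distributed this message
    precedence = (msg.get("Precedence") or "").strip().lower()
    if seen_by or precedence in ("bulk", "list", "junk"):
        return "hold"    # generated by another list or a robot: moderator decides
    return "accept"

def stamp_outbound(raw, list_addr):
    """Mark a message as distributed by list_addr before it goes to subscribers."""
    msg = message_from_string(raw)
    msg["X-Loop"] = list_addr  # appends; X-Loop stamps from other lists are kept
    if "Precedence" not in msg:
        msg["Precedence"] = "list"
    return msg.as_string()

if __name__ == "__main__":
    via_a = stamp_outbound(SAMPLE, "list-a@example.org")
    via_b = stamp_outbound(via_a, "list-b@example.org")
    print(check_inbound(SAMPLE, "list-a@example.org"))  # person posts to list-a
    print(check_inbound(via_a, "list-b@example.org"))   # list-a copy reaches list-b
    print(check_inbound(via_b, "list-a@example.org"))   # copy returns to list-a
```

The stamps only help if every list in the chain preserves them; the Received count is the backstop when one does not.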