Bugtraq mailing list archives

Re: mail storm


From: strombrg () hydra acs uci edu (Dan Stromberg)
Date: Mon, 12 Aug 1996 20:47:14 -0700


On Mon, 12 Aug 1996, Dan Stromberg wrote:

> Imagine the hacker picks 2n mailing lists, subscribing the i'th to the
> (i+n)th and the (i+n)th to the i'th, subscribing that person they really
> don't like to the 0..n-1'th, and finally, forging one message to each of
> the 0..n-1'th.

Apologies; I got ahead of myself.

I suppose the scenario above is linear growth, tho unbounded -
barring the possibility of a hop count taking effect.

For exponential growth, it would most likely be necessary for list i to
be subscribed to the i+n'th 2 or more times.  The i+n'th could then be
subscribed to the i'th as few as one time - just so long as there's
feedback, and a doubling (or more) in at least one place.

My intuition is that even if a hop count did kick in, 2^h messages could
still be enough to cause substantial trouble, even for a hop count (h) as
low as 15.  I suspect many machines have a hop count of 25 or so.

Also, I perhaps should have indicated: I've intended "i" to take on
values 0..n-1.


If this "attack" is feasible, it would seem the most effective
defense is to use only mailing list software that requires a
magic-cookie authenticated response from subscribers.
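
Added example, not part of the original post and not code from any real list manager: a sketch of the magic-cookie confirmation the post recommends, in which an address joins a list only after a cookie mailed to that address is sent back. The class name, command format, and three-day window are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TTL = 3 * 24 * 3600  # assumed confirmation window, in seconds


class ListServer:
    """Hypothetical list manager that subscribes only confirmed addresses."""

    def __init__(self, key=None):
        self.key = key or secrets.token_bytes(32)  # per-server secret
        self.subscribers = {}  # list name -> set of confirmed addresses

    def _cookie(self, list_name, address, expires):
        # The cookie binds list, address and expiry, so it cannot be reused
        # to confirm a different address or a different list.
        msg = f"{list_name}\n{address.lower()}\n{expires}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def request_subscription(self, list_name, address, now=None):
        # The From: line of a request is never trusted. Nothing is added
        # here; the returned command is mailed to `address` itself.
        expires = int(time.time() if now is None else now) + TTL
        cookie = self._cookie(list_name, address, expires)
        return f"confirm {list_name} {address} {expires} {cookie}"

    def handle_confirmation(self, command, now=None):
        parts = command.split()
        if len(parts) != 5 or parts[0] != "confirm":
            return False
        _, list_name, address, expires, cookie = parts
        if not (expires.isascii() and expires.isdigit()):
            return False
        if int(expires) < (time.time() if now is None else now):
            return False  # stale cookie
        expected = self._cookie(list_name, address, int(expires))
        if not hmac.compare_digest(expected.encode(), cookie.encode()):
            return False  # forged or altered confirmation
        self.subscribers.setdefault(list_name, set()).add(address.lower())
        return True
```

A list address that merely redistributes incoming mail never returns the cookie, so a forged request to subscribe one list to another leaves the membership unchanged.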


