Bugtraq mailing list archives
Re: mail storm
From: strombrg () hydra acs uci edu (Dan Stromberg)
Date: Mon, 12 Aug 1996 20:47:14 -0700
On Mon, 12 Aug 1996, Dan Stromberg wrote:
Imagine the hacker picks 2n mailing lists, subscribing the i'th to the (i+n)th and the (i+n)th to the i'th, subscribing that person they really don't like to the 0..n-1'th, and finally, forging one message to each of the 0..n-1'th.
Apologies; I got ahead of myself. I suppose the scenario above is linear growth, tho unbounded - barring the possibilty of a hop count taking effect. For exponential growth, it would most likely be necessary for list i to be subscribed to the i+n'th 2 or more times. The i+n'th could then be subscribed to the i'th as few as one time - just so long as there's feedback, and a doubling (or more) in at least one place. My intuition is that even if a hop count did kick in, 2^h messages could still be enough to cause substantial trouble, even for a hop count (h) as low as 15. I suspect many machines have a hop count of 25 or so. Also, I perhaps should have indicated: I've intended "i" to take on values 0..n-1. If this "attack" is feasible, it would seem the most effective defense is to use only mailing list software, that requires a magic-cookie authenticated response from subscribers.
Current thread:
- Re: IRIX 5.3 chost Grant Kaufmann (Aug 07)
- <Possible follow-ups>
- Re: IRIX 5.3 chost Bill Nickless (Aug 11)
- Re: IRIX 5.3 chost Grant Kaufmann (Aug 12)
- Re: IRIX 5.3 chost Vern Hart (Aug 12)
- Re: IRIX 5.3 chost Mike Kienenberger (Aug 12)
- mail storm Dan Stromberg (Aug 12)
- Re: mail storm Dan Stromberg (Aug 12)
- Re: mail storm Arik Baratz (Aug 13)
- Re: mail storm Albert Lunde (Aug 12)
- Re: mail storm Igor Chudov @ home (Aug 12)
- Vulnrability in all known Linux distributions bloodmask (Aug 12)
- Re: Vulnrability in all known Linux distributions Steve Czetty (Aug 13)
- Re: Vulnrability in all known Linux distributions Alan Brown (Aug 13)
- Re: Vulnrability in all known Linux distributions Elliot Lee (Aug 13)
- Re: Vulnrability in all known Linux distributions Alan Cox (Aug 14)
- mount/umount realpath() buffer overflow David J. Meltzer (Aug 13)
- Possible bufferoverflow condition in lpr, xterm and xload bloodmask (Aug 12)