Bugtraq mailing list archives

Re: mail storm


From: blh () NOL NET (Brett L. Hawn)
Date: Tue, 13 Aug 1996 07:01:33 -0500


Rather than subscribing each list to each list they could simply subscribe
two or three accounts at a site to about 5000+ lists. I've seen it done (i.e.
been victimized by it) and I can assure you that it's quite horrid. Things
like ListServ are completely broken and for the most part automatically
allow anything and anyone to be subscribed (mind you they make you respond
with some sort of moronic OK <code> code to unsubscribe). My old account,
our root account, and several other accounts were subscribed to some 5000
lists (I used to have a file containing the name of each one but lost it
while cleaning one day) and even w/ an OX set it will still bog your
machine(s) down to the point of unusability.

We ended up putting filters on port 25 for about some 200 IPs at the cisco
for quite some time before we could manage to get ourselves off most of the
lists. This was some 4 months ago and we *still* haven't gotten off all of
them.

Suggestions:

1: *ALL* mail list programs should be designed/configured to *not* allow
root@* to subscribe, anyone who does daily tasks as root is a complete idiot
anyway (imho)

2: *ALL* mail list programs should be checked regularly for glitches, etc.
(it took 6 calls to Missouri.edu and us bouncing all the mail list crap we
got back to root () missouri edu, and 5 weeks before those *&^%ing twits would
override the settings and remove us from the list (apparently the ListServ
thought we weren't on the list when we tried to unsubscribe yet kept sending
us list mail))

3: If all else fails, learn your filters, it saved our butts in a big way,
and it may save yours. The program (script) used to do this to us has been
floating around in recent times and it would appear that quite a few little
'wannabes' have it now (just like the spoofing synflooder) and I have no
doubt that attacks like this will be on the rise.

[-]                  Brett L. Hawn (blh () nol net)                           [-]
[-]                Networks On-Line - Houston, Texas                       [-]
[-]                           713-467-7100                                 [-]
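
Suggestion 1 and the complaint about unconfirmed subscriptions, sketched as an added example (not part of the original post, and not ListServ's code): a subscribe request from anyone only creates a pending entry, and list mail starts only after the address owner returns the code. `ListGate`, `confirm_code`, the secret and all addresses are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

# Constructed values for this example; a real list manager would load its own.
SECRET = b"example-only-secret"
BLOCKED_LOCAL_PARTS = {"root"}  # suggestion 1: never subscribe root@*


def confirm_code(list_name: str, address: str) -> str:
    """Code mailed to the address itself, so only its owner can send it back."""
    msg = f"{list_name}\0{address.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]


class ListGate:
    """Hypothetical front end that sits before a list's subscriber file."""

    def __init__(self, list_name: str):
        self.list_name = list_name
        self.pending = set()   # requested, not yet confirmed: gets no list mail
        self.members = set()   # confirmed by the address owner

    def request(self, address: str) -> str:
        """Handle 'subscribe <address>' arriving from anyone."""
        address = address.strip().lower()
        local, sep, domain = address.rpartition("@")
        if not sep or not local or not domain:
            return "rejected: malformed address"
        if local in BLOCKED_LOCAL_PARTS:
            return "rejected: role account"
        if address in self.members:
            return "already subscribed"
        self.pending.add(address)
        # In a real system the code is mailed to the address, not returned
        # to the requester; it is returned here so the example can be run.
        return "pending: " + confirm_code(self.list_name, address)

    def confirm(self, address: str, code: str) -> bool:
        """Handle 'OK <code>' mailed back by the address owner."""
        address = address.strip().lower()
        expected = confirm_code(self.list_name, address)
        if address in self.pending and hmac.compare_digest(
            code.encode(), expected.encode()
        ):
            self.pending.discard(address)
            self.members.add(address)
            return True
        return False
```

A forged request then costs the target one short confirmation message per list instead of ongoing list traffic.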


