Bugtraq mailing list archives
Re: Possible Gauntlet DoS
From: mcmahon () WWSI COM (John J. McMahon)
Date: Thu, 24 Jul 1997 13:09:07 -0400
Hello, I recently had a problem while testing some security strategies on our internal network. The problem in a nutshell was that our Gauntlet firewall bastion host was bouncing all mail originating from inside the firewall. (I'm not sure if it bounced all incoming mail or not, I believe that at a certain point it more than likely did).
Keep in mind that Gauntlet smap/smapd is a front end for sendmail. It expects to send mail via SMTP to an internal mail hub, and it is the responsibility of the internal mail hub to handle the mail properly.

What appears to occur here is the dud mail message is redelivered to the LAN host (likely addressed to: trashaddress@localdomain) which should then cause the message to bounce. The bounce should go to jim () realdomain com, which the LAN server should drop. Instead it tries to send it back to the Firewall. Rinse, Lather, Repeat...

I'd suggest grabbing some of the bounces and forwarding them to gauntlet-support. They are pretty good at diagnosis and sendmail diagnosis.

Cheers,
Fuzz (ex-Gauntlet Support Goon)
--
John "FuzzFace" McMahon, Director of Internet Technologies
Worldwide Solutions, Inc. Sterling, Virginia
mailto:mcmahon () wwsi com +1.303.581.0800 http://www.wwsi.com/
Current thread:
- Possible Gauntlet DoS Jimmy L. Alderson (Jul 24)
- <Possible follow-ups>
- Re: Possible Gauntlet DoS John J. McMahon (Jul 24)