Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: I found this today and iam reporting it to you first!!! (fwd)

From: jal () THIRDAGE COM (Jamie A. Lawrence)
Date: Sat, 4 Sep 1999 13:53:36 -0700

On Thu, Sep 02, 1999 at 12:01:40PM -0700, Technical Incursion Countermeasures wrote:

You can do a variation on this one (well sort opf - is a logstanding prob)

basically find two sites whose FW is conf'd to accept all mail and forward
it to the real mailserver. If this mailserver bounces invalid addresses
then you're on your way...

spoof a mail from an invalid address on one end to an invalid address on
the other. and sit back..

the first site will accept the mail (this is the fault - it should reject
if it is to comply with the IETF standard) and pass it inward, the
mailserver then sends an error message to the "sender"  and the same
process occurs at the other end...


On properly configured systems, this shouldn't be any big deal.

Assuming the MTA on one end or the other doesn't detect the
double bounce and kill it, you'll only rebound 30 or so times
(loop detection varies by configuration).

There are far worse DoS's out there...

-j
Previous By Date Next
Previous By Thread Next

Current thread: