Bugtraq mailing list archives
Subscription bomb tracing - feature request.
From: alan () MANAWATU GEN NZ (Alan Brown)
Date: Tue, 4 Jan 2000 15:15:22 +1300
There have been quite a few subscribe bombs tossed around recently. While it's nice to see that most mailing list admins use confirm requests now, it would be a great help if the confirm requests contained at least the headers of the original request, to aid victims in tracing their attacker(s). One attack recently notified to ORBS attempted to sign the victim up to 26,000 different lists via insecure email relays. The confirmation requests alone constituted a fairly substantial denial of service attack, as did the huge number of bounces the victim got. I've only ever seen one mailing list which actually showed where the signup request came from. Times are still changing and adding an audit trail would make life easier all round. AB
Current thread:
- Subscription bomb tracing - feature request. Alan Brown (Jan 03)
- Re: Subscription bomb tracing - feature request. M. Dodge Mumford (Jan 05)
- Re: Subscription bomb tracing - feature request. Brian Mueller (Jan 05)
- Sun Security Bulletin #00193 (fwd) Jay D. Dyson (Jan 05)