Bugtraq mailing list archives
Re: Decompression Bombs
From: Chris Green <cmg () dok org>
Date: Mon, 09 Feb 2004 13:13:44 -0500
"Myron Davis" <myrond () xyxx com> writes:
Theoretically one could modify a worm to send random zip'd files of zeros along the way to different hosts to really kill the destinations computers.
Is this all just back to fail open/fail closed? I have a file that will cause XXX virus scanner to crash. Does the SMTP agent view that as a reason to reject the email or does it pass it through? If it does a temporary rejection message because of some internal failure, the infection rateof these messages becomes very low. Not sure how virus scanners + SMTP servers interact with regards to tradition SMTP errors. It would be an effective anti-cleanup method though. -- Chris Green <cmg () dok org> Fame may be fleeting but obscurity is forever.
Current thread:
- Decompression Bombs Matthias Leu (Feb 03)
- <Possible follow-ups>
- RE: Decompression Bombs David Bachtel (Feb 06)
- RE: Decompression Bombs Myron Davis (Feb 09)
- Re: Decompression Bombs Brian Dessent (Feb 09)
- Re: Decompression Bombs Myron Davis (Feb 11)
- Re: Decompression Bombs Chris Green (Feb 09)
- RE: Decompression Bombs Myron Davis (Feb 09)
- RE: Decompression Bombs SBNelson (Feb 09)
- Re: Decompression Bombs Bipin Gautam . (Feb 11)