There have recently been a couple of messages concerning DoS attacks on NT-based SLMail and IMail SMTP servers. At the end of January, a similar report was made concerning IMail's POP3 server. Jon[SMTP:stevenat_private] wrote: > A long string of text after a command makes > the program (SLMail) crash. (Snip) > It will stay unresponsive until manually restarted. (Snip) > Out of boredom, I tried another smtp daemon for Windows, > IMail (I tried 4.03) by IPSwitch (www.ipswitch.com). Which > crashed the same way. Pretty strange, I've only tried two > windowsNT smtp daemons, and both crashed the same way... I cannot comment on SLMail, but John Junod (author of IMail) says the following: # That "bug" by the way, doesn't cause IMail any problems. # It only causes the "hacker" a problem since IMail won't # release the connection and won't accept any more input # from them until they drop the connection and reconnect. # It does not affect any other sessions to the SMTP server. # The session does drop cleanly freeing all resources as # designed either when the "hacker" breaks the connection # or when the timeout occurs, whichever occurs first. Mark Symons EDS Africa mark.symonsat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:46:04 PDT