Re: News DoS using sendsys

From: David Shaw (dshawat_private)
Date: Thu Aug 27 1998 - 06:32:26 PDT

Next message: Steve McBride: "Re: Security Hole in Axent ESM"

Previous message: Jonathan James: "SV: SV: Serious Security Hole in Hotmail (URL to sourcecode)"
Maybe in reply to: Walter Hafner: "News DoS using sendsys"
Next in thread: Charlesw: "Re: News DoS using sendsys"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Aug 26, 1998 at 03:52:58PM -0700, Russ Allbery wrote:
> There are several possible solutions at different levels of complexity.
>
> First, please make sure that your control.ctl file or the equivalent has a
> line like:
>
>         sendsys:*:*:drop

While you're at it, it might be worth adding:

        senduuname:*:*:drop
        version:*:*:drop

I suspect that once everyone configures their server to stop responding to
sendsys, the bombers will switch to senduuname and version.  I have
already seen a hundred "version" requests come in.  Neither version nor
senduuname are relevant to the overwhelming majority of INN installations
out there.

David

--
    David Shaw  |  dshawat_private  |  WWW http://www.cs.jhu.edu/~dshaw/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

Next message: Steve McBride: "Re: Security Hole in Axent ESM"
Previous message: Jonathan James: "SV: SV: Serious Security Hole in Hotmail (URL to sourcecode)"
Maybe in reply to: Walter Hafner: "News DoS using sendsys"
Next in thread: Charlesw: "Re: News DoS using sendsys"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:13:44 PDT