You can do a variation on this one (well sort opf - is a logstanding prob) basically find two sites whose FW is conf'd to accept all mail and forward it to the real mailserver. If this mailserver bounces invalid addresses then you're on your way... spoof a mail from an invalid address on one end to an invalid address on the other. and sit back.. the first site will accept the mail (this is the fault - it should reject if it is to comply with the IETF standard) and pass it inward, the mailserver then sends an error message to the "sender" and the same process occurs at the other end... Rate of messages depends on bandwidth - but you can expect at least 1/sec... Of course you can multiply it if you send it to a list of recipients.. :} cheers, Bret Technical Incursion Countermeasures consultingat_private http://www.ticm.com/ voice mail/fax: (+65)459 6373(UTC+8 hrs) The Insider - a e'zine on Computer security Call for papers Vol 3 Issue 2 http://www.ticm.com/info/insider/index.html
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:01:23 PDT