cc:mail trivial DoS attack - self mailbombing.

From: Alan Brown (alanat_private)
Date: Wed Sep 15 1999 - 10:35:50 PDT

Next message: Patrick Oonk: "[security-officerat_private: FreeBSD Security Advisory:"

Previous message: Johannes Erdfelt: "Re: ACK/th_win portscanning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This seems to work on most cc:mail installations

Send mail to postmaster@[x.x.x.x] where x.x.x.x is the IP address of the
server.

In most cases, the machine will mailbomb itself into the ground
with undeliverable mail messages.

For bonus points, use a bogus, undeliverable sender envelope and watch
it crash even faster.

In some cases, postmasterat_private will have the same effect, depending
how badly setup the server is.

Script kiddies may like to have fun by using a sender envelope belonging
to someone else. One case I've seen resulted in the machine sending over
5800 "postmaster: No such user" errors for one message sent to it.

AB

Next message: Patrick Oonk: "[security-officerat_private: FreeBSD Security Advisory:"
Previous message: Johannes Erdfelt: "Re: ACK/th_win portscanning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:04:12 PDT