Greetings!

On 13 May 2003 08:35:25 +0200
Nicolas Gregoire <ngregoireat_private> wrote:

> On Mon, 2003-05-12 at 05:39, perat_private wrote:
>
> > * Zip-Of-Death. Make one huge (a couple of gigabytes) file and fill
> > it with homogenous data, for instance only the character "a". Zip
> > it. This will construct of a file that says "this files contains of
> > 10(8) a:s" that is very small. Most modern mail content systems
> > handles this today, some older might not.
>
> You should give a look to a file known as 42.zip :
> http://www.securityfocus.com/bid/3027/exploit/
>
> "42.zip: ZIP archive, 42K, composed of nested zips (nested 6 levels
> deep, each level 17 wide) - produces a file 4GB in size and will
> reportedly crash 'most email virus checkers'"

16 items each (not 17), 6 levels = 16^6 - giving 4 TB (TeraByte), not
smallish Giga's... ;-)

For Trend InterScan VirusWall solved in 2001/2002 - now it seems Trend
unpacks the archive one file a time instead of unpacking all.

Before Trend unpacked all. When that filled the disk, it removed the
temp file and started over, effectively blocking one scanning thread.
To block the Trend ISVW you'd had to send (quite) a number of those
Monster42.ZIPs all simultaneously.

Bye

Volker Tanger
IT-Security

discon gmbh
DeTeWe AG & Co. KG
Fon +49 30 6104-3307
Fax +49 30 6104-3435
http://www.detewe.de/
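
The message above contrasts unpacking a nested archive all at once with handling it one file at a time. The sketch below is an added example, not part of the original post and not any vendor's code: it walks a nested zip one member at a time under one budget shared by every nesting level. The names `scan_zip`, `BudgetExceeded` and `constructed_sample`, and the default limits, are assumptions chosen for illustration.

```python
import io
import zipfile

class BudgetExceeded(Exception):
    """The archive would exceed a scanning limit; treat it as unscannable."""

def scan_zip(data, max_depth=4, max_total=50 * 2**20, max_entries=1000,
             _state=None, _depth=0):
    """Walk a (possibly nested) zip held in memory, one member at a time.
    Limits are shared across all nesting levels, so wide, deep nests of
    small archives still count against a single budget."""
    state = _state if _state is not None else {"bytes": 0, "entries": 0}
    if _depth > max_depth:
        raise BudgetExceeded(f"nested deeper than {max_depth} levels")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            state["entries"] += 1
            if state["entries"] > max_entries:
                raise BudgetExceeded(f"more than {max_entries} entries")
            buf = io.BytesIO()
            with zf.open(info) as member:
                # Count bytes actually produced; do not trust header sizes.
                for block in iter(lambda: member.read(65536), b""):
                    state["bytes"] += len(block)
                    if state["bytes"] > max_total:
                        raise BudgetExceeded(f"over {max_total} bytes unpacked")
                    buf.write(block)
            inner = buf.getvalue()  # never larger than max_total
            if zipfile.is_zipfile(io.BytesIO(inner)):
                scan_zip(inner, max_depth, max_total, max_entries,
                         state, _depth + 1)
    return state

def constructed_sample():
    """Constructed, benign input: 1000-byte leaf, wrapped twice, 2 wide."""
    def pack(members):
        out = io.BytesIO()
        with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
            for name, body in members:
                zf.writestr(name, body)
        return out.getvalue()
    leaf = pack([("a.txt", b"a" * 1000)])
    mid = pack([(f"{i}.zip", leaf) for i in range(2)])
    return pack([(f"{i}.zip", mid) for i in range(2)])

if __name__ == "__main__":
    print(scan_zip(constructed_sample()))
```

A caller that catches `BudgetExceeded` can quarantine or reject the message instead of retrying, which avoids the start-over loop that tied up a scanning thread.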
This archive was generated by hypermail 2b30 : Wed May 14 2003 - 08:31:05 PDT