RE: Distributed spam-based DoS in progress

On Tue, 18 Feb 2003, Dave Hart wrote:

> > From: Hugo van der Kooij [mailto:hvdkooij@vanderkooij.org]

>From 4.5.5.:

   Implementors of automated email processors should be careful to make    sure that the various kinds of messages with null reverse-path are    handled correctly, in particular such systems SHOULD NOT reply to    messages with null reverse-path.

But the problem arises before that. If your server is set to accept message for non existing accounts you have a server that can be easily brought down.

If you do not accept these messages you do not have to send bounce messages. It will the task of the system that tried to hand them to you.

If you find yourself with a server with lots of waiting bounces your are likely (ab)used as relay and you have other fish to fry.

And from 6.1:

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

   When the receiver-SMTP accepts a piece of mail (by sending a "250 OK"    message in response to DATA), it is accepting responsibility for    delivering or relaying the message. It must take this responsibility    seriously. It MUST NOT lose the message for frivolous reasons, such    as because the host later crashes or because of a predictable    resource shortage.

Which seems to indicate you have to make sure your mailserver is up to the task.

Hugo.

-- 
 All email sent to me is bound to the rules described on my homepage.
    
hvdkooij(at)vanderkooij.org		
http://hvdkooij.xs4all.nl/
	    Don't meddle in the affairs of sysadmins,
	    for they are subtle and quick to anger.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com