[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

The penet compromise

To: [email protected]
Subject: The penet compromise
From: [email protected] (Paul J. Ste. Marie)
Date: Fri, 29 Jul 94 10:28:45 EDT
Cc: [email protected]
In-Reply-To: Roy M. Silvernail's message of Thu, 28 Jul 1994 22:40:39 CST <[email protected]>
Reply-To: [email protected]
Sender: [email protected]

> That lessens the probable impact of the return traffic to a rough
> multiplier of 10.  And given the time spread (my experiment yielded
> replies over 4 days), I don't know if this can be counted on to yield a
> denial-of-service attack.  (I suppose it's possible the perp might be
> trying to spam penet in the original sense, by trying to overrun
> arbitrary limits in the server)

I was thinking about this as I thought about the combination of
mail->news gateways such as anon.penet.fi and news autoresponders, and
it stuck me that a denial of service attack could be based on
including a *.test newsgroup in a Reply-To: header, causing the
autoreplies to get posted back into the *.test groups.

Some of the autoresponders seem to be set up to prevent this, others
not.  I don't know if anon.penet.fi is set up to prevent this sort of
regurgitation.

	--Paul

References:
- The penet compromise
  - From: [email protected] (Roy M. Silvernail)

Prev by Date: What kind of encryption to incorporate?
Next by Date: Re: The penet compromise
Prev by thread: The penet compromise
Next by thread: Re: The penet compromise
Index(es):
- Date
- Thread