[205] in Intrusion Detection Systems
RE: IDS Mail Loop (Motorola's fault too)
daemon@ATHENA.MIT.EDU (Heiser Jay)
Tue May 16 15:21:06 1995
Date: 16 May 1995 10:55:26 U
From: "Heiser Jay" <heiser_jay@po.gis.prc.com>
To: ids@uow.edu.au
Reply-To: ids@uow.edu.au
Its normal for a .vacation type service to keep a list of all the mail
correspondents that it has automatically notified about the changed status of
the recipient and to only respond to them once.
If this user's system was doing such a thing, I don't believe that this endless
loop would have occured. For what its worth, I don't think its the
responsibility of the list processor to prevent this, its the responsibility of
the user system.
This should be an interesting example for us as a denial of service problem.
;-) What would have happened if several accounts were doing this
simultaneously? I don't know how many people at my company subscribe to this
list, and its probably coincidental that our smtp gateway crashed yesterday
under a heavy load.
________________________________________________________
From: ids@uow.edu.au on Tue, May 16, 1995 10:17 AM
Subject: IDS Mail Loop Problems
To: Intrusion Detection System Mailing List
Like most of you are already aware that IDS has been flooding users with
mail (Message about Wayne Walker having left motorola etc). It appears
mail was sent by ids@uow.edu.au to wwalker@mot.com, which was being
automatically responded by daemon@hpmail2.fwrdc.rtsg.mot.com (assume
this was Wayne Walkers mail host).
Anyway the mail host was replying back to ids which then sent out another
copy back to wwalker (and everyone on the list).
Unfortunately this is a problem with mailing lists in general, the only
real solution (well not entirely could setup a message cache and check for
duplicating mail message bodies etc) to stop users from the effects of
mail loops is to make the list moderated. Something I decided I was
against.
Unfortunately it happened on a weekend to make things worse I was not at home,
and so couldn't remove the offending subscriber's address until it had already
been blocked by motorola.
I apologize for the inconvenience.
For those who have been asking for a digest to be setup, please email me
<ruf@cs.uow.edu.au> with body: subscribe ids-digest and I will add you
to my list.
--
+---------------------+--------------------------------------------------+
| ____ ___ | Justin Lister ruf@cs.uow.edu.au |
| | \\ /\ __\ | Center for Computer Security Research |
| | |) / \_/ / |_ | Dept. Computer Science voice: 61-42-214-327 |
| | _ \\ /| _/ | University of Wollongong fax: 61-42-214-329 |
| |_/ \/ \_/ |_| (tm) | Computer Security a utopian dream... |
| | Disclaimer: dreaming is at own risk |
+---------------------+--------------------------------------------------+
------------------ RFC822 Header Follows ------------------
Received: by po.gis.prc.com with SMTP;15 May 1995 10:00:24 U
Received: (from daemon@localhost) by wyrm.cc.uow.edu.au (8.6.11/8.6.11) id
BAA21961 for ids-outgoing; Mon, 15 May 1995 01:47:09 +1000
Message-Id: <m0sAfVf-0005qCC@osiris>
From: ruf@osiris.cs.uow.edu.au (Justin J. Lister)
Subject: IDS Mail Loop Problems
To: ids@uow.edu.au (Intrusion Detection System Mailing List)
Date: Mon, 15 May 1995 01:23:09 +1000 (EST)
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 1721
Sender: owner-ids@uow.edu.au
Precedence: bulk
Reply-To: ids@uow.edu.au
