[11718] in bugtraq

Re: I found this today and iam reporting it to you first!!! (fwd)

daemon@ATHENA.MIT.EDU (Jamie A. Lawrence)
Tue Sep 7 14:58:26 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <19990904135336.B12209@stage1.thirdage.com>
Date:         Sat, 4 Sep 1999 13:53:36 -0700
Reply-To: "Jamie A. Lawrence" <jal@THIRDAGE.COM>
From: "Jamie A. Lawrence" <jal@THIRDAGE.COM>
X-To:         Technical Incursion Countermeasures <lists@TICM.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <3.0.3.32.19990902222455.031374f0@localhost>; from Technical
              Incursion Countermeasures on Thu, Sep 02, 1999 at 12:01:40PM -0700

On Thu, Sep 02, 1999 at 12:01:40PM -0700, Technical Incursion Countermeasures wrote:
> You can do a variation on this one (well sort of - is a longstanding prob)
>
> basically find two sites whose FW is conf'd to accept all mail and forward
> it to the real mailserver. If this mailserver bounces invalid addresses
> then you're on your way...
>
> spoof a mail from an invalid address on one end to an invalid address on
> the other. and sit back..
>
> the first site will accept the mail (this is the fault - it should reject
> if it is to comply with the IETF standard) and pass it inward, the
> mailserver then sends an error message to the "sender"  and the same
> process occurs at the other end...

On properly configured systems, this shouldn't be any big deal.

Assuming the MTA on one end or the other doesn't detect the
double bounce and kill it, you'll only rebound 30 or so times
(loop detection varies by configuration).

There are far worse DoS's out there...

-j
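
Added example, not part of the original message: a simplified Python model of the two safeguards the reply mentions, a hop limit counted from Received headers and the rule that an undeliverable bounce (null envelope sender) is never bounced again. The function names, the site-a.example / site-b.example addresses and the sample messages are constructed for illustration; the limit of 30 is the reply's rough figure, not a standard value.

```python
from email import message_from_string

MAX_HOPS = 30  # the reply's rough figure; real limits vary by configuration

def decide(envelope_sender, raw_message, recipient_exists, max_hops=MAX_HOPS):
    """Return (action, reason) for one inbound message in this simplified model."""
    hops = len(message_from_string(raw_message).get_all("Received", []))
    if hops <= max_hops and recipient_exists:
        return ("deliver", "ok")
    reason = "too many hops" if hops > max_hops else "unknown recipient"
    if envelope_sender == "":
        # A null envelope sender marks the message as a bounce. A bounce that
        # cannot be delivered is dropped (or handed to postmaster), never
        # answered with another bounce.
        return ("discard", "double bounce: " + reason)
    return ("bounce", reason)

def trace_spoofed_mail():
    """Follow the spoofed message from the quoted scenario between two sites."""
    # Constructed addresses; neither mailbox exists at its site.
    sender, rcpt = "nobody@site-a.example", "nobody@site-b.example"
    raw = "Received: from relay.site-a.example\nSubject: test\n\nbody\n"
    steps = []
    while True:
        action, reason = decide(sender, raw, recipient_exists=False)
        steps.append((rcpt, action, reason))
        if action != "bounce":
            return steps
        # The bounce is a new message with a null envelope sender,
        # addressed to whoever the failed message claimed to be from.
        sender, rcpt = "", sender
        raw = "Received: from mailer-daemon\nSubject: Undeliverable\n\nbody\n"

if __name__ == "__main__":
    for step in trace_spoofed_mail():
        print(step)
```

With both checks in place the exchange ends after a single bounce; the hop limit is the fallback for messages that keep circulating with a non-null sender.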