[3121] in bugtraq
Re: mail storm
daemon@ATHENA.MIT.EDU (Dan Stromberg)
Tue Aug 13 02:10:18 1996
Date: Mon, 12 Aug 1996 20:47:14 -0700
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Dan Stromberg <strombrg@hydra.acs.uci.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <320FD2CB.35CF@hydra.acs.uci.edu>
On Mon, 12 Aug 1996, Dan Stromberg wrote:
> Imagine the hacker picks 2n mailing lists, subscribing the i'th to the
> (i+n)th and the (i+n)th to the i'th, subscribing that person they really
> don't like to the 0..n-1'th, and finally, forging one message to each of
> the 0..n-1'th.

Apologies; I got ahead of myself.

I suppose the scenario above is linear growth, tho unbounded -
barring the possibility of a hop count taking effect.

For exponential growth, it would most likely be necessary for list i to
be subscribed to the i+n'th 2 or more times. The i+n'th could then be
subscribed to the i'th as few as one time - just so long as there's
feedback, and a doubling (or more) in at least one place.

My intuition is that even if a hop count did kick in, 2^h messages could
still be enough to cause substantial trouble, even for a hop count (h) as
low as 15. I suspect many machines have a hop count of 25 or so.

Also, I perhaps should have indicated: I've intended "i" to take on
values 0..n-1.

If this "attack" is feasible, it would seem the most effective
defense is to use only mailing list software that requires a
magic-cookie authenticated response from subscribers.
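
The magic-cookie confirmation named above as the defense, sketched as an added example; it is not part of the original post and not taken from any particular list software. The class and function names, the HMAC-SHA256 cookie construction and the three-day confirmation window are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)   # assumed per-server key; stays on the list host
TTL = 3 * 24 * 3600                # assumed confirmation window, in seconds


def make_cookie(list_name, address, expires, key=SECRET):
    """Cookie = expiry timestamp + HMAC over (list, address, expiry)."""
    msg = f"{list_name}\n{address.lower()}\n{expires}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{expires}.{tag}"


class MailingList:
    def __init__(self, name):
        self.name = name
        self.subscribers = set()

    def request_subscribe(self, address, now=None):
        """Handle a subscribe request whose From: line may be forged.
        Nobody is added here; the returned cookie is mailed to `address`
        itself, so only someone who reads that mailbox can answer."""
        now = int(time.time() if now is None else now)
        return make_cookie(self.name, address, now + TTL)

    def confirm(self, address, cookie, now=None):
        """Activate the subscription only if the cookie issued for this
        list and this address comes back intact and unexpired."""
        now = int(time.time() if now is None else now)
        try:
            expires = int(cookie.split(".", 1)[0])
        except ValueError:
            return False
        expected = make_cookie(self.name, address, expires)
        # Constant-time comparison of the full cookie (expiry and tag).
        if expires < now or not hmac.compare_digest(cookie.encode(), expected.encode()):
            return False
        self.subscribers.add(address.lower())
        return True
```

Because the cookie is bound to both the list name and the address, a request forged in someone else's name, or one that names another list as the subscriber, stays inactive unless that mailbox itself returns the cookie.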