[3127] in bugtraq
Re: mail storm
daemon@ATHENA.MIT.EDU (Arik Baratz)
Tue Aug 13 04:27:31 1996
Date: Tue, 13 Aug 1996 11:05:30 +0300
Reply-To: Arik Baratz <4z9dge@4z9dge.ampr.org>
From: Arik Baratz <arikb@ccarik.technion.ac.il>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.SOL.3.91.960812203208.3984A-100000@bingy.acs.uci.edu>
On Mon, 12 Aug 1996, Dan Stromberg wrote:
> If this "attack" is feasible, it would seem the most effective
> defense is to use only mailing list software, that requires a
> magic-cookie authenticated response from subscribers.
How about a "Standard" cure: make sure EVERY mailing list includes some
special header in file it sends, and NEVER accept mail which contains that
header. I have seen X-Loop: used for this, but not for all the lists I've
seen.
There should be an exception - for list exploders.
--------------------------------------------- ....- --.. ----. -.. --. .
Arik Baratz, Regularus Studentus, iNTP, 4Z9DGE
---------------------------------------------------------------------------
http://ccarik.technion.ac.il/~arikb
finger arikb@aluf.technion.ac.il for PGP key.
