[3156] in bugtraq
Re: mail storm
daemon@ATHENA.MIT.EDU (Sean B. Hamor)
Wed Aug 14 14:48:49 1996
Date: Tue, 13 Aug 1996 20:04:56 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: "Sean B. Hamor" <hamors@LITTERBOX.ORG>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199608130824.JAA14011@ferrotec.ie>
On Tue, 13 Aug 1996, Roy Leonard wrote:
# list software may well be capable of stopping this. But surely it would be
# easier for the hacker to subscribe his enemy to N mailing lists? Is there
# any solution to this? Or do you simply hope that your users are friends
This is exactly what happened at newhackcity.net. Someone decided to take
revenge upon one of my users, and forged a subscription request from
newhackcity.net to the Netcom listserver. Fortunately, this forged
subscription request raised a red flag at Netcom (after all, who asks to be
subscribed to 2,000+ mailing lists in a single request?) and bounced back to
newhackcity.net, headers intact. After figuring out exactly why I received
this bounced back message, it was trivial tracking down the forger.
At least this shows that some listserv software protects against multiple
subscription requests in a single message.
Nothing is foolproof...fools are just too damn ingenious...
pub 2047/59209F85 1996/07/26 Sean B. Hamor <hamors@litterbox.org>
Key fingerprint = 85 DB 78 DB F8 C5 82 32 50 39 D0 53 B6 80 D7 CF
http://www.litterbox.org/~hamors/
