[7763] in bugtraq
Re: News DoS using sendsys
daemon@ATHENA.MIT.EDU (Guezou Philippe)
Wed Aug 26 20:48:42 1998
Date: Wed, 26 Aug 1998 14:04:28 -0400
Reply-To: Guezou Philippe <fifi@CAM.ORG>
From: Guezou Philippe <fifi@CAM.ORG>
X-To: Walter Hafner <hafner@in.tum.de>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <13795.55895.155103.975354@hprbg5.informatik.tu-muenchen.de>
We notice the same problem/attack few weeks ago. We were flooded by
newsfeed request from single users. We were receiving these mails at a
rate of 30/40 per minutes during 5 days.
Our news server as the same configuration as Walter Hafner, concerning
executions of controls messages.
We were unable to find the guy who issue these attacks.
Guezou Philippe fifi@cam.org
Net. System. Admin.
On Wed, 26 Aug 1998, Walter Hafner wrote:
> I think we (a local ISP in Augsburg/Germany ...) are hit by an DoS that
> wasn't described here before:
>
> Our newsserver (INN) all of a sudden gets several 100 'sendsys' requests
> per day. The addresses of the people requesting the sendsys seem to be
> completely random. They all seem to be normal user-accounts. We see
> these sendsys requests for about a week now.
> Fortunately, this DoS is very easy to stop: Just make sure, that the
> Newsserver doesn't reply to a 'sendsys' automatically.
BTW, I think that this attitude is the default one.
> -Walter
