[7769] in bugtraq
Re: News DoS using sendsys
daemon@ATHENA.MIT.EDU (David Shaw)
Thu Aug 27 12:07:35 1998
Date: Thu, 27 Aug 1998 09:32:26 -0400
Reply-To: David Shaw <dshaw@JABBERWOCKY.COM>
From: David Shaw <dshaw@JABBERWOCKY.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <m3yasbwe2d.fsf@windlord.Stanford.EDU>; from Russ Allbery on Wed,
Aug 26, 1998 at 03:52:58PM -0700
On Wed, Aug 26, 1998 at 03:52:58PM -0700, Russ Allbery wrote:
> There are several possible solutions at different levels of complexity.
>
> First, please make sure that your control.ctl file or the equivalent has a
> line like:
>
> sendsys:*:*:drop
While you're at it, it might be worth adding:
senduuname:*:*:drop
version:*:*:drop
I suspect that once everyone configures their server to stop responding to
sendsys, the bombers will switch to senduuname and version. I have
already seen a hundred "version" requests come in. Neither version nor
senduuname are relevant to the overwhelming majority of INN installations
out there.
David
--
David Shaw | dshaw@cs.jhu.edu | WWW http://www.cs.jhu.edu/~dshaw/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
