[33559] in bugtraq
Re: Decompression Bombs
daemon@ATHENA.MIT.EDU (Chris Green)
Tue Feb 10 04:32:43 2004
To: myrond@xyxx.com
Cc: "David Bachtel" <dave@realtimegaming.com>,
"Matthias Leu" <mleu@aerasec.de>, bugtraq@securityfocus.com
From: Chris Green <cmg@dok.org>
Date: Mon, 09 Feb 2004 13:13:44 -0500
In-Reply-To: <3867.209.193.18.88.1076144048.squirrel@mail.xyxx.com> (Myron
Davis's message of "Fri, 6 Feb 2004 23:54:08 -0900 (AKST)")
Message-ID: <m2r7x45dev.fsf@catbert.dok.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
"Myron Davis" <myrond@xyxx.com> writes:
> Theoretically one could modify a worm to send random zip'd files of zeros
> along the way to different hosts to really kill the destinations
> computers.
>
Is this all just back to fail open/fail closed? I have a file that
will cause XXX virus scanner to crash. Does the SMTP agent view that
as a reason to reject the email or does it pass it through?
If it does a temporary rejection message because of some internal
failure, the infection rateof these messages becomes very low. Not
sure how virus scanners + SMTP servers interact with regards to
tradition SMTP errors.
It would be an effective anti-cleanup method though.
--
Chris Green <cmg@dok.org>
Fame may be fleeting but obscurity is forever.
