[99] in bugtraq
Re: Stupid crackers exploiting stupid users
daemon@ATHENA.MIT.EDU (pluvius)
Tue Oct 25 18:23:26 1994
Date: Tue, 25 Oct 1994 16:32:00 -0400 (EDT)
From: pluvius <pluvius@dragon.achilles.net>
To: Charles Howes <chowes@helix.net>
Cc: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>, bugtraq@fc.net,
dfloyd@paris.eng.utsa.edu, root@helix.net, root@sfu.ca
In-Reply-To: <Pine.SUN.3.90.941023191646.5984F-100000@trance.helix.net>
> > I'm sending a copy to root@sfu.ca so that (a) vanepp probably gets it,
> > and (b) if vanepp's mail is being stolen somehow that I can't see
> > through VRFY and EXPN, the other roots there can deal with it.
>
> The cracker just wants to mailbomb vanepp. He's done it before, he'll
> do it again. Just not from *my* site, if I have anything to say about
> it.
>
> Does ANYBODY have any code that will limit the number of messages a
> single user can send per day?? Or any other code to detect mail
> bombs? Sending 5 identical messages to different addresses? (Or the
> same address, for that matter..)
oh that's grand, you want to hack telnet so that it checks the
destination port and after x numbers of connects to a smtp port it sais
"sorry, you can't send any more mail".
a hell of a lot better solution is to get affected sites to install
sendmail 8.6.9 because the brialliant crackers who are doing this are
clearly too inept to spoof identd - i'm sure a 'helo user@host' will give
them the willies and get them to lay off
