Subscription bomb tracing - feature request.

Subject: Subscription bomb tracing - feature request.
From: Alan Brown (alanMANAWATU.GEN.NZ)
Date: Mon Jan 03 2000 - 20:15:22 CST

• Next message: Sonny Parlin: "Flaw in 3c59x.c or in Kernel?"
• Previous message: der Mouse: "Re: Symlinks and Cryogenic Sleep"
• Next in thread: M. Dodge Mumford: "Re: Subscription bomb tracing - feature request."
• Reply: M. Dodge Mumford: "Re: Subscription bomb tracing - feature request."
• Reply: Brian Mueller: "Re: Subscription bomb tracing - feature request."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

There have been quite a few subscribe bombs tossed around recently.

While it's nice to see that most mailing list admins use confirm
requests now, it would be a great help if the confirm requests contained
at least the headers of the original request, to aid victims in tracing
their attacker(s).

One attack recently notified to ORBS attempted to sign the victim up to
26,000 different lists via insecure email relays.

The confirmation requests alone constituted a fairly substantial denial
of service attack, as did the huge number of bounces the victim got.

I've only ever seen one mailing list which actually showed where the
signup request came from. Times are still changing and adding an audit
trail would make life easier all round.

AB

• Next message: Sonny Parlin: "Flaw in 3c59x.c or in Kernel?"
• Previous message: der Mouse: "Re: Symlinks and Cryogenic Sleep"
• Next in thread: M. Dodge Mumford: "Re: Subscription bomb tracing - feature request."
• Reply: M. Dodge Mumford: "Re: Subscription bomb tracing - feature request."
• Reply: Brian Mueller: "Re: Subscription bomb tracing - feature request."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Tue Jan 04 2000 - 14:33:44 CST