LSTOWN-L Archives

LISTSERV List Owners' Forum

LSTOWN-L
Options: Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Topic: [<< First] [< Prev] [Next >] [Last >>]

Parts/Attachments: text/plain (16 lines)
Print Reply
Sender:
LISTSERV list owners' forum <[log in to unmask]>
Date:
Wed, 16 Feb 2000 12:14:25 -0500
Reply-To:
LISTSERV list owners' forum <[log in to unmask]>
Content-type:
text/plain; charset=US-ASCII
Subject:
Re: Fwd: Risks of bouncing messages from closed e-mail lists
MIME-Version:
1.0
In-Reply-To:
<v04210115b4d074f7087d@[172.17.34.29]>
Content-transfer-encoding:
7BIT
From:
Paul Karagianis <[log in to unmask]>
 
On 16 Feb 00, at 10:24, Mike Yuhas quoted from Risks:

>However, there is a more serious vulnerability here: infinite loops
>between two or more closed lists.
>
>If an attacker forges the originating address of a closed list that sends
>back automated rejection notes to another closed list that sends back
>automated rejection notes, then each forged message will generate a
>mailstorm as a function of the speed of the servers in sending bounce
>messages to each other.

Listserv is RFC1123 compliant and bounces with a null "return-path"
that it won't bounce to if it's also on the receiving end.  Right?

                                                    -Kary

ATOM RSS1 RSS2