LSTSRV-L Archives

LISTSERV Site Administrators' Forum

James Morrill <[log in to unmask]>
Fri, 5 Mar 2004 14:30:08 -0600
TEXT/PLAIN (51 lines)
Ok, thanks - this was a bad example.  I'm not really worried about a DoS
attack or disk space the autodel files use - that was just the first
thing I thought of when it was suggested that LISTSERV was *supposed*
to work this way.

What I am worried about is LISTSERV adding e-mail addresses to the
autodel file that aren't subscribed to the list in the first place and
then the queries I get from those owners wondering why LISTSERV is
tracking those people.  This just started happening in the last week (or
at least that's when I started noticing it) and it seems like something
that should be happening all over the LISTSERV world - unless you've all
already fixed it and I missed that. :-)

It may not come across well in e-mail but I really do appreciate
everyone's comments - when I question what you are saying I'm just
trying to learn.

On Fri, 5 Mar 2004, Valdis Kletnieks wrote:

> On Fri, 05 Mar 2004 12:36:04 CST, James Morrill <[log in to unmask]>  said:
> > But these people aren't subscribed to the list - why should LISTSERV try
> > to delete them from a list they aren't subscribed to?  This seems like
> > a HUGE denial of service hole - if someone could add millions of e-mail
> > addresses and have each of my lists try to monitor them to see if they
> > should be deleted.
>
> Note that this is backwards - what you're seeing is lots of bounces each adding
> a single record to a file, and keeping count of how many times that address has
> been seen.
>
> So to add millions of e-mail addresses, the attacker would have to pound your
> machine with millions(*) of forged bounce messages - at which point the overhead
> of actually updating the .AUTODEL file is the *least* of your worries.  You get
> that sort of volume, you have a DoS hole in any case.
>
> (*) Yes, I know you can be creative with the contents of an MDN and add multiple
> addresses per message - the point is that "just throw it away" is almost the same
> resource consumption as "log one address" and "log 100 addresses".
>
> If you're worried about the disk consumption of the autodel file, consider how
> many bytes each record in the autodel takes, and then look at how many lines
> got written to the listserv log... ;)
>
>

   ====================================================================
 James Morrill  office: Hale 11, 785-532-4909 www-personal.ksu.edu/~james
             We see a world of wonder, with a holy fingerprint
     But we only know a sliver, of the love of God in it. - Hokus Pick
   ====================================================================
