What's a Mailbomber? and what


 
# 8  
Old 02-07-2003
Yes, we sent them an email days ago. No reply.

Aus, the mailbomb you describe is one of many kinds of mailbombs. Most mail servers are now set up to limit the size of accepted files. To circumvent this, bombers send many small messages, to the same or similar effect.

However, it is easy and simple to launch many email-based denial of service attacks... the list is large and grows larger every month....
# 9  
Old 02-08-2003
The "Zip of Death" is still a problem today. I can't remember the exact numbers, but you can somehow create a ~32k file that uncompresses to several gig. I've seen it crush mail servers that run AV software that tries to blindly unzip it to scan it.

Also, although difficult, TCP can be tampered with. You have to spoof the source address, and try to predict how the victim will respond so that you can send acceptable responses. This attack has been used in the wild for several years now, and automated tools do exist (think Mitnick vs. Shimomura - they injected commands to open up rsh to all users from all hosts this way). I have played with a few of these tools in the past, and have been able to follow telnet sessions, and inject my own commands (note that this was on my own network, so I wasn't doing this to someone else). I understand that this is doubtful in your situation, and you most likely have the correct people, but just because TCP is "connection oriented" it does not make it tamper-proof.
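Added example, not part of the original post: one way a mail scanner can avoid "blindly" unzipping an attachment is to check the archive's declared sizes and compression ratio first, then inflate in bounded chunks with a byte budget. The limits, function names and sample archives below are assumptions made for illustration.

```python
import io
import zipfile

MAX_TOTAL = 50 * 1024 * 1024  # assumed cap on total uncompressed bytes
MAX_RATIO = 100               # assumed cap on uncompressed:compressed ratio
CHUNK = 64 * 1024


def safe_to_scan(data, max_total=MAX_TOTAL, max_ratio=MAX_RATIO):
    """Return (ok, reason) for a zip attachment held in memory."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return False, "not a valid zip"
    with zf:
        infos = zf.infolist()
        # Pass 1: cheap check on the sizes the archive declares about itself.
        declared = sum(i.file_size for i in infos)
        packed = sum(i.compress_size for i in infos) or 1
        if declared > max_total:
            return False, "declared size over limit"
        if declared / packed > max_ratio:
            return False, "compression ratio over limit"
        # Pass 2: do not rely on the headers alone; inflate in bounded
        # chunks, discard the bytes, and stop once the budget is spent.
        seen = 0
        try:
            for info in infos:
                with zf.open(info) as member:
                    while chunk := member.read(CHUNK):
                        seen += len(chunk)
                        if seen > max_total:
                            return False, "actual size over limit"
        except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
            return False, "unreadable member"
    return True, "ok"


def _make_zip(name, payload):
    # Builds constructed sample archives in memory for the demonstration.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


BENIGN = _make_zip("note.txt", b"Quarterly report attached.\n" * 5)
INFLATING = _make_zip("pad.bin", b"\0" * (5 * 1024 * 1024))
```

Archives nested inside archives are not followed here; a scanner that recurses needs to carry the same byte budget through every level.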
# 10  
Old 02-09-2003
Hundreds of thousands of email bombs with sustained TCP connections from a single IP address are not hijacked TCP sessions

TCP session hijacking is not used to launch four days of mailbombing....... it is used to hijack independent TCP sessions.

Mailbombs normally have many sessions open at one time.... I am sorry to be so direct, but when I say that IP address blah.blah.blah is launching mailbombs you can be assured that it is..... these are not hijacked special cases of exotic TCP IP session hijacking...

As soon as we blocked the single offensive IP address (visible in lsof and netstat, continuously for days), the bombs stopped ....

geeezzzz
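Added example, not part of the original thread: the pattern described above (one source holding many SMTP sessions open, visible in netstat over a long period) can be checked by counting established port-25 connections per remote IP across several netstat snapshots and keeping only the sources that exceed a limit in every one. The threshold, function names and snapshot data are assumptions; the input is constructed in `netstat -tn` column layout.

```python
from collections import Counter


def smtp_sources(netstat_text, port=25):
    """Count ESTABLISHED inbound connections to `port` per remote IP."""
    counts = Counter()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "ESTABLISHED":
            continue
        local_port = f[3].rsplit(":", 1)[-1]
        if local_port == str(port):
            counts[f[4].rsplit(":", 1)[0]] += 1
    return counts


def sustained_offenders(snapshots, per_ip_limit=3):
    """IPs over the per-IP limit in every snapshot, not just one burst."""
    over = [
        {ip for ip, n in smtp_sources(s).items() if n > per_ip_limit}
        for s in snapshots
    ]
    return sorted(set.intersection(*over)) if over else []


def _snapshot(conns):
    # Constructed `netstat -tn` style lines from (remote_ip, count) pairs.
    # 192.0.2.10 stands in for the mail server; all addresses are
    # documentation ranges, not real hosts.
    lines = [
        f"tcp 0 0 192.0.2.10:25 {ip}:{40000 + k} ESTABLISHED"
        for ip, n in conns for k in range(n)
    ]
    lines.append("tcp 0 0 192.0.2.10:22 198.51.100.20:50111 ESTABLISHED")
    return "\n".join(lines)


SNAPSHOTS = [
    _snapshot([("203.0.113.7", 6), ("198.51.100.20", 1)]),
    _snapshot([("203.0.113.7", 5), ("198.51.100.99", 4)]),
    _snapshot([("203.0.113.7", 7)]),
]
```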