lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20040401194651.5D7427F35@mail-terminator.cudeso.be>
From: koen4security at hotmail.com (Koen)
Subject: Block notification / bounce mails (as in DDOS)

Tomasz Konefal wrote:
>   first off, the From: header would not normally be the one emails get 
> bounced to.  rather, it would be the "MAIL FROM" envelope header.  in 
> any case, my 'solution' would be to temporarily drop all mail destined 
> to this deluged account to /dev/null and set up a new account for the 
> busted user.  you could alternatively set up a "user relocated" reply on 
> the server or just kill the account altogether and send responses of "no 
> such local user".  you get the general idea.  not a great solution, but 
> only one person's email is crapped out instead of everyone's.  when the 
> DDoS looks like it's petering away you can set up an alias from the old 
> to the new account to reenable legitimate mails to get to the user.

Hi,
A "user relocated" reply would only increase the problem. The problem isn't 
limited to one mailbox or user-account but rather to "all" mailboxes.
Thanks anyway

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ