1994-07-29 - The penet compromise

Header Data

From: pstemari@bismark.cbis.com (Paul J. Ste. Marie)
To: roy@sendai.cybrspc.mn.org
Message Hash: 66231939cb8ec5a2e04bbb389e36700b099ffe61761a97aa1df615b834f49c5f
Message ID: <9407291428.AA28858@focis.sda.cbis.COM>
Reply To: <940728.224039.3x8.rusnews.w165w@sendai.cybrspc.mn.org>
UTC Datetime: 1994-07-29 14:29:23 UTC
Raw Date: Fri, 29 Jul 94 07:29:23 PDT

Raw message

From: pstemari@bismark.cbis.com (Paul J. Ste. Marie)
Date: Fri, 29 Jul 94 07:29:23 PDT
To: roy@sendai.cybrspc.mn.org
Subject: The penet compromise
In-Reply-To: <940728.224039.3x8.rusnews.w165w@sendai.cybrspc.mn.org>
Message-ID: <9407291428.AA28858@focis.sda.cbis.COM>
MIME-Version: 1.0
Content-Type: text/plain

> That lessens the probable impact of the return traffic to a rough
> multiplier of 10.  And given the time spread (my experiment yielded
> replies over 4 days), I don't know if this can be counted on to yield a
> denial-of-service attack.  (I suppose it's possible the perp might be
> trying to spam penet in the original sense, by trying to overrun
> arbitrary limits in the server)

I was thinking about this as I thought about the combination of
mail->news gateways such as anon.penet.fi and news autoresponders, and
it struck me that a denial of service attack could be based on
including a *.test newsgroup in a Reply-To: header, causing the
autoreplies to get posted back into the *.test groups.

Some of the autoresponders seem to be set up to prevent this, others
not.  I don't know if anon.penet.fi is set up to prevent this sort of