From: Alan Olsen <alano@teleport.com>
To: abostick@netcom.com (Alan Bostick)
Message Hash: a03ddd279bf739a99c2376681c64db442b67e43c46bd35d197a8c33f15feb165
Message ID: <2.2.32.19960113002203.00906fc0@mail.teleport.com>
Reply To: N/A
UTC Datetime: 1996-01-13 00:41:29 UTC
Raw Date: Sat, 13 Jan 1996 08:41:29 +0800
Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
At 10:25 PM 1/12/96 GMT, John Lull wrote:
>On Fri, 12 Jan 1996 10:55:12 -0800, you wrote:
>
>> Cypherpunks: is there any way to respond to, or prevent, this sort of
>> attack short of actually shutting down the remailer?
>
>Yes, very simply.
>
>The remailer could calculate a hash for the body of each encrypted
>message received (the same portion which will be decrypted by PGP),
>tabulate the last few thousand hashes, and simply discard any messages
>with a duplicate hash. The target of the attack would receive only
>the first copy of the message.

I am afraid it is not that simple. Remember that the mailbombing consists
of many, many horny little geeks responding to a single message. They are
replying to the same message (and probably adding a few "me too!" lines),
not mailing the same one over and over again.

Another idea would be to keep an md5 (or other) hash list of the reply block
used and have a disabled list for such spam attacks. (Unfortunately this
requires code, thus time.)

Pretty nasty variation on a "denial of service" attack. What next? Fake
"David Rhodes does e-cash" messages with the target's e-mail address?

Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction
`finger -l alano@teleport.com` for PGP 2.6.2 key
http://www.teleport.com/~alano/
"Is the operating system half NT or half full?"
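
The two filters discussed in this message, side by side, as an added example that is not part of the original post or of any remailer's code: a bounded table of message hashes (John Lull's suggestion) and a per-reply-block hash with a disabled list (Alan Olsen's). The class name, the SHA-256 choice in place of md5, the automatic disable threshold and the sample messages are all assumptions made for illustration.

```python
import hashlib
from collections import OrderedDict, deque

class ReplyBlockGuard:
    """Hypothetical remailer intake filter; every name here is an assumption."""
    def __init__(self, max_seen=5000, limit=3, window=3600):
        self.seen = OrderedDict()  # hashes of recent messages, oldest first
        self.max_seen = max_seen   # "the last few thousand hashes"
        self.limit = limit         # deliveries allowed per block per window
        self.window = window       # window length in seconds
        self.recent = {}           # reply-block hash -> delivery timestamps
        self.disabled = set()      # reply-block hashes that are shut off

    @staticmethod
    def _h(data):
        return hashlib.sha256(data).hexdigest()

    def check(self, reply_block, body, now):
        block_id = self._h(reply_block)
        if block_id in self.disabled:
            return "drop:disabled"
        # Filter 1: exact duplicates of a message already seen.
        msg_id = self._h(reply_block + b"\0" + body)
        if msg_id in self.seen:
            return "drop:duplicate"
        self.seen[msg_id] = None
        if len(self.seen) > self.max_seen:
            self.seen.popitem(last=False)  # forget the oldest hash
        # Filter 2: distinct bodies aimed at one reply block.
        times = self.recent.setdefault(block_id, deque())
        while times and now - times[0] > self.window:
            times.popleft()
        times.append(now)
        if len(times) > self.limit:
            self.disabled.add(block_id)    # flood: disable this block
            return "drop:disabled"
        return "deliver"

def simulate():
    """Constructed traffic: one exact resend, then distinct 'me too' replies."""
    guard = ReplyBlockGuard(limit=3, window=3600)
    block = b"constructed reply block A"
    other = b"constructed reply block B"
    out = [guard.check(block, b"first reply", 0),
           guard.check(block, b"first reply", 1)]   # exact resend
    for i in range(4):                              # bodies all differ
        out.append(guard.check(block, b"me too! #%d" % i, 10 + i))
    out.append(guard.check(other, b"unrelated mail", 20))
    return out
```
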