1996-07-18 - Re: Defend Mail Bomb

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: Jerome Tan <jti@i-manila.com.ph>
Message Hash: fb1e5bb1180448875db85a045b0b808bdbfb3207732c180ba2bb0585662d66dd
Message ID: <199607180615.XAA12443@toad.com>
Reply To: N/A
UTC Datetime: 1996-07-18 09:05:24 UTC
Raw Date: Thu, 18 Jul 1996 17:05:24 +0800

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 18 Jul 1996 17:05:24 +0800
To: Jerome Tan <jti@i-manila.com.ph>
Subject: Re: Defend Mail Bomb
Message-ID: <199607180615.XAA12443@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:25 PM 7/14/96 +0800, you wrote:
>Is it possible to defend mail bomb? If not, detect who they are?

Mail bombs are hard to defend against.  If your company or ISP
has a firewall or mail server that handles their incoming email,
it can potentially be configured to block mail from known harassers,
but it's much harder to do if automatically - ten megabytes of binary
data might be mailbombs, or might be the CAD/CAM file that your
engineering department wanted.

If the mailbombs are all coming from one place, over a period of time,
you can often look at the headers and track down where they came from,
and contact the administrators of the machines the mail came from
to ask them to stop the problem.  But if the attacker is good,
this requires looking at large numbers of log-files, and many administrators
aren't willing to do this except for serious on-going problems.

If the mailbombs are coming from anonymous remailers, most remailer
operators are happy to put you on their block list, to block further
anonymous mailbombs.

#				Thanks;  Bill
# Bill Stewart +1-415-442-2215 stewarts@ix.netcom.com
# http://www.idiom.com/~wcs
#				Confuse Authority!






Thread