Re: Abort data transfer?


John R Levine wrote:

I guess the thing is that it COULD be used as a DoS attack -
There's lots of things COULD be used as an attack. The fact that it'snever happened in 30 years suggest this is not one worth worrying about.

Unfortunately, that same attitude was applied to accept/bounceattacks. Small or rare enough that operators can handle it by hand.

That is until 18-20 or so years later when the 2003 SORBIG dual blitzoffense accept/bounce attacks woke up the industry in 2003.

Just consider that if a hacker is reading this list, he is finding outpretty quickly that many systems are vulnerable to this form of verylarge or never ending DATA payload attacks. Systems that not preparefor it and don't have people available to handle it "by hand" will beshutdown.


So even if is rare, it does not mean it should be ignored.

--
Sincerely

Hector Santos
http://www.santronics.com

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Abort data transfer?, (continued) Re: Abort data transfer?, David MacQuigg Re: Abort data transfer?, Sabahattin Gucukoglu Re: Abort data transfer?, Hector Santos Re: Abort data transfer?, Paul Smith Re: Abort data transfer?, David MacQuigg Re: Abort data transfer?, John Levine Re: Abort data transfer?, Arnt Gulbrandsen Re: Abort data transfer?, John R Levine Re: Abort data transfer?, Paul Smith Re: Abort data transfer?, John R Levine Re: Abort data transfer?, Hector Santos <= Re: Abort data transfer?, ned+ietf-smtp Re: Abort data transfer?, John R Levine Re: Abort data transfer?, Alessandro Vesely Re: Abort data transfer?, David MacQuigg RE: Abort data transfer?, Murray S. Kucherawy Re: Abort data transfer?, David MacQuigg Re: Abort data transfer?, Hector Santos RE: Abort data transfer?, Murray S. Kucherawy Re: Abort data transfer?, Dave CROCKER RE: Abort data transfer?, ned+ietf-smtp