In <20040416224910(_dot_)GE5373(_at_)dumbo(_dot_)pobox(_dot_)com> Meng Weng
Wong <mengwong(_at_)dumbo(_dot_)pobox(_dot_)com> writes:
On Fri, Apr 16, 2004 at 03:55:37PM -0500, Dustin D. Trammell wrote:
|
| http://www.techzoom.net/paper-mailbomb.asp
Next I expect to see researchers announce that water is wet, beer makes
people drunk, and soldiers get killed in battle.
Some of the stuff in the paper showed a certain level of naivety about
email (reply-to:'s are where DSNs are sent? "NDN" instead of DSN?
This attack isn't already well know? etc.)
However, I liked their analysis of the situation. In particular, the
calculations of the amount of data the attacker had to generate
compared with the amount of data that would get sent to the victim is
right on target. It is the amplification factor that is key to this
kind of attack.
This is exactly the kind of DoS analysis that needs to be done with
SPF to make sure that both MTAs that use SPF can't be attacked, but
also that SPF checks can't be used to attack others.
-wayne