On May 26, 2004, at 12:51 PM, David Brodbeck wrote:

> On Wed, 26 May 2004, Theo Schlossnagle wrote:
>> The point is that they no longer need a "zombie group" nor do they need
>> to compromise machines. Instead, you've decided to offer a service
>> that allows them to have you beat the crap out of some innocent victim.
>
> I'm sure I'm missing something here. To be an effective DoS method, CBV
> would have to have a multiplier effect. Since you have to create an SMTP
> session to the machine doing CBV every time you want it to connect to the
> machine you're trying to DoS, I don't see the multiplier effect here. You
> could get exactly the same effect just by connecting directly to the
> machine you're trying to DoS.

Though common, that actually is not a requirement. DDoS simply
stands for distributed denial of service. So, the only factors are
that it is distributed and that it denies service.

You are correct in that amplification is a great characteristic to make
the system more damaging, but it isn't essential. I can open 100,000
connections right now from my FreeBSD workstation and start SMTP
sessions to 50,000 different providers that support mailfrom CBV. If I
sent two emails to each from:

MAIL FROM:<user@victimdomain1.com>

and

MAIL FROM:<user@victimdomain2.com>

it would cause 50,000 CBV checks against each domain all coming from
different mail servers. That qualifies as a DDoS.

// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// OmniTI Computer Consulting, Inc. -- http://www.omniti.com/
// Ecelerity: fastest MTA on Earth
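
Added example, not part of the original message or thread: a victim-side check that flags the pattern described above, where many distinct mail servers open callback-style sessions against one domain within a short window. The log format, the `victim.example` names, the thresholds, and the assumption that verifying servers use the null sender `<>` and never send DATA are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log: "<epoch> <client-ip> <session-id> <SMTP command>"
SAMPLE_LOG = """\
1000 192.0.2.10 a1 MAIL FROM:<>
1000 192.0.2.10 a1 RCPT TO:<user@victim.example>
1001 192.0.2.10 a1 QUIT
1002 198.51.100.7 b1 MAIL FROM:<>
1002 198.51.100.7 b1 RCPT TO:<user@victim.example>
1003 198.51.100.7 b1 RSET
1004 203.0.113.5 c1 MAIL FROM:<>
1004 203.0.113.5 c1 RCPT TO:<user@victim.example>
1005 203.0.113.5 c1 QUIT
1006 203.0.113.9 d1 MAIL FROM:<bounce@list.example>
1006 203.0.113.9 d1 RCPT TO:<user@victim.example>
1007 203.0.113.9 d1 DATA
1500 192.0.2.99 e1 MAIL FROM:<>
1500 192.0.2.99 e1 RCPT TO:<other@victim.example>
1501 192.0.2.99 e1 DATA
"""

def callback_probes(log_text):
    """Sessions that look like CBV (assumption: null sender, RCPT TO, no DATA).
    Returns (time, client_ip, rcpt_domain) tuples; real bounces send DATA."""
    sessions = defaultdict(lambda: {"t": 0, "null": False, "data": False, "doms": []})
    for line in log_text.splitlines():
        ts, ip, sid, cmd = line.split(" ", 3)
        s, verb = sessions[(ip, sid)], cmd.upper()
        if verb.startswith("MAIL FROM:"):
            s["t"], s["null"] = int(ts), cmd[10:].strip() == "<>"
        elif verb.startswith("RCPT TO:"):
            s["doms"].append(cmd[8:].strip("<> ").rsplit("@", 1)[-1].lower())
        elif verb == "DATA":
            s["data"] = True
    return [(s["t"], ip, d) for (ip, _), s in sessions.items()
            if s["null"] and not s["data"] for d in s["doms"]]

def distributed_bursts(probes, window=60, min_sources=3):
    """Map each domain probed by >= min_sources distinct clients within
    `window` seconds to the largest number of distinct clients seen."""
    by_domain = defaultdict(list)
    for t, ip, dom in probes:
        by_domain[dom].append((t, ip))
    flagged = {}
    for dom, events in by_domain.items():
        for start, _ in events:
            sources = {ip for t, ip in events if 0 <= t - start <= window}
            if len(sources) >= min_sources:
                flagged[dom] = max(flagged.get(dom, 0), len(sources))
    return flagged
```

Counting distinct client addresses rather than total sessions is what separates this distributed pattern from a single noisy sender.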