From owner-freebsd-security  Mon Oct 29 15: 7: 2 2001
Delivered-To: freebsd-security@freebsd.org
Received: from R181172.resnet.ucsb.edu (R181172.resnet.ucsb.edu [128.111.181.172])
	by hub.freebsd.org (Postfix) with ESMTP id E236C37B401
	for <freebsd-security@FreeBSD.ORG>; Mon, 29 Oct 2001 15:06:59 -0800 (PST)
Received: from localhost (mudman@localhost)
	by R181172.resnet.ucsb.edu (8.11.6/8.11.6) with ESMTP id f9TN9Xa16148;
	Mon, 29 Oct 2001 15:09:33 -0800 (PST)
	(envelope-from mudman@R181172.resnet.ucsb.edu)
Date: Mon, 29 Oct 2001 15:09:32 -0800 (PST)
From: Dave <mudman@R181172.resnet.ucsb.edu>
To: Brandon Harper <lists-inet@booms.net>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: RE: AntiVirus Replies [was: VIRUS IN YOUR MAIL]
In-Reply-To: <NHELLMIEFPEHAFGOIAGFAEKPDHAA.lists-inet@booms.net>
Message-ID: <Pine.BSF.4.33.0110291459130.16136-100000@R181172.resnet.ucsb.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> > it would be a good thing for somebody to be able to DoS a list by
> > sending a little virus and firing off 250 autoresponders?
> >

[snip]

> 2.) E-mail has very small performance hit.  I won't really elaborate on this
> one since its rather obvious.  I've worked on some RedHat boxes that weren't
> anything terribly special handling 100+ messages (both incoming and

There is a performance hit that is latent that you are not looking at.
Since most of us are computer people, we get into the habit of analyzing
efficiency issues with *computers*.  But what about all the human time
spent deleting all those autoresponses?

Although it was pointed out that not *everyone* is using auto-responders,
if we assume the list was large enough that any given small percentage of
subscribers have scanners, would could presumabably get the proverbial 250
auto-responders going off.  (And if you just won't believe it, we may
assume the virus sender may cc every list available on FreeBSD.org, from
freebsd-questions to hardware to security.  Many of us subscribe to more
than one list, and presumably, some autoresponding machines as well)

If you are lucky enough to not being using a GUI like a Yahoo! mail
account, you can probably delete their mess pretty fast (esp in Pine).
But then we have to ask ourselves, do we just want to hold down the
delete-key for 250 seconds everytime some joker wants to drop a virus off
to a list?



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message