Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 3 May 1997 18:32:39 +1000 (EST)
From:      "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To:        "Jeffrey J. Mountin" <sysop@mixcom.com>
Cc:        hackers@FreeBSD.ORG
Subject:   Re: SPAM target
Message-ID:  <Pine.BSF.3.91.970503182121.4479N-100000@panda.hilink.com.au>
In-Reply-To: <3.0.32.19970502235144.00b040f4@mixcom.com>
next in thread | previous in thread | raw e-mail | index | archive | help 


On Fri, 2 May 1997, Jeffrey J. Mountin wrote:

> At 11:45 AM 5/2/97 -0700, Josef Grosch wrote:
> >Terry Lambert said:
> >>Of course, if someone wanted to build a little program to connect to
> >>their smtp server and send an "RSET\r\n" every <configurable interval>
> >>to keep the smtp server process alive and it's pages in core...
> >>
> >>And then if a certain mailing list of someone's friends were made aware
> >>of the URL to pick up their copy of the program...
> >>
> >>It seems to me that this hypothetical person would play hell with their
> >>ability to start spam sending processes.
> >
> >Terry, that is a diabolically clever idea! 
> 
> Hmmm... guess THAT would teach them to send to -hackers.

Another version of this would be to write a small program which sends
1064 byte TCP packets to the offending site, mounting a denial of service 
attack.

1. src port of packet should be 25 or 23 or 21 or 80
2. dst port of packet should be > 1024, < 4999
3. packet should have the ACK bit set
4. src address should be spoofed randomly for each packet

These packets obviously look exactly like packets coming from legitimate 
connections, and so the only way to filter them is by turning off the router.

The program should send a maximum of 1 packet per second.

A T1 line is capable of 192kbytes/sec, so 192 collaborators would be able 
to saturate a T1 line with essentially zero cost to themselves.  Because 
of the spoofed src addresses, the cost of receiving the RST packets is 
spread throughout the entire Internet.

Now, who's going to write this program?

Danny

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.970503182121.4479N-100000>