New e-mail bomb technique - The Web Realm

Isn't this rather neat? Okay, terribly malicious, but kind of neat. Admit it! So all a cracker has to do now is get a mac or a linux / unix machine, install an SMTP server on it, configure it properly, which is, of course, improperly, and then they send an e-mail from the guy they want to attack to as many addresses as they can, and then all of the bounces hit the target. Now get four or five mail servers you can do this from in colo.

Look, a full mailbox doesn't bother a user much. But you fill the mail queue on a server, and that server becomes super slow. You can do some serious damage with this one. I'm impressed.

Administrators, double check your servers. Make sure your server can't be used to do this by accident. Because now there are people out there looking for open relays in the hopes that they're configured this way, and when they find one they'll use it.

Leave a comment

Recent Entries
# links for 2008-02-10 # Biofuels Do More Harm Than Good # del.icio.us # That'll do it # Under Construction # Revamp # GooSync # Trusting Google # Play AACs on your TiVo with TiVo Desktop from a Mac # My Once and Future Cloud

Flickr Photostream

Categories
Apple Aquarium Banking Blog Stuff Bookmarks Books Boston Comedy Comics Development Drama Entertainment For the Mac Hacks Hardware In The News Internet Linux Mobile Phones Movies Music Open Source OS X Politics Red Sox Science Security Software Sports Stuff 'n Junk Sysadmin Stuff Technology Television Testing Thoughts UNIX Vermont Virii Windows

Tags
blog cloud development bookmarks google code email global warming gmail google calendar news organization politics science study symbian tags test web 2.0

Archives
February 2008 January 2008 December 2007 November 2007 October 2007 September 2007 August 2007 July 2007 March 2007 February 2007 January 2007 December 2006 November 2006 September 2006 August 2006 July 2006 June 2006 May 2006 April 2006 March 2006 February 2006 January 2006 December 2005 November 2005 October 2005 September 2005 August 2005 December 2004 November 2004 October 2004 September 2004 August 2004 July 2004 June 2004 May 2004 April 2004 March 2004

Guest Posts
Blog for America Boston Metroblogs

Links
802 Online Blog for America Boston Metroblogs Dream Theater Info Network Dr. Mosh Engadget Gizmodo Lukwam Mac OS X Hints The Register SAGE Skadz Slashdot Kevin Smith

Powered by Movable Type Publishing Platform
This blog is licensed under a Creative Commons License.