J-Tech
10-01-2004, 03:29 AM
For those that dont know DoS is a denile of service attack, the mydoom virus was a good example of a DoS attack, well it seems a new way to perform DoS attacks has come about, i figured i'd just drop this on your guys and let you all read it:
The following link is to a PDF document that goes more into detail about the attack described below:
http://www.astalavista.com/index.php?section=dir&act=dnd&id=2884
Analysis of e-mail non-delivery receipt handling by live Internet bound e-mail servers has revealed a common implementation fault that could form the basis of a new range of DoS attacks. Our research in the field of email delivery revealed that mail servers may respond to mail delivery failure with as many non-delivery reports as there are undeliverable Cc: and Bcc: addresses contained in the original e-mail. Non-delivery notification e-mails generated by these systems often include a full copy of the original e-mail sent in addition to any original file attachments. This behaviour allows malicious users to leverage these mail server implementations as force multipliers and flood any target e-mail system or account.
The following link is to a PDF document that goes more into detail about the attack described below:
http://www.astalavista.com/index.php?section=dir&act=dnd&id=2884
Analysis of e-mail non-delivery receipt handling by live Internet bound e-mail servers has revealed a common implementation fault that could form the basis of a new range of DoS attacks. Our research in the field of email delivery revealed that mail servers may respond to mail delivery failure with as many non-delivery reports as there are undeliverable Cc: and Bcc: addresses contained in the original e-mail. Non-delivery notification e-mails generated by these systems often include a full copy of the original e-mail sent in addition to any original file attachments. This behaviour allows malicious users to leverage these mail server implementations as force multipliers and flood any target e-mail system or account.