[Mailman-Developers] Subscription bomb tracing - feature request. (fwd)

Nigel Metheringham Nigel.Metheringham@vdata.co.uk
Mon, 10 Jan 2000 11:02:40 +0000

I've forwarded this from the BUGTRAQ list for consideration - mainly 
mailman uses web subscription, which has different semantics, however 
we should think about trace back information for both web and mail 
based subscriptions.


------- Forwarded Message

Date:    Tue, 04 Jan 2000 15:15:22 +1300
From:    Alan Brown <alan@MANAWATU.GEN.NZ>
Subject: Subscription bomb tracing - feature request.

There have been quite a few subscribe bombs tossed around recently.

While it's nice to see that most mailing list admins use confirm
requests now, it would be a great help if the confirm requests contained
at least the headers of the original request, to aid victims in tracing
their attacker(s).

One attack recently notified to ORBS attempted to sign the victim up to
26,000 different lists via insecure email relays.

The confirmation requests alone constituted a fairly substantial denial
of service attack, as did the huge number of bounces the victim got.

I've only ever seen one mailing list which actually showed where the
signup request came from. Times are still changing and adding an audit
trail would make life easier all round.


------- End of Forwarded Message

[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham                  Nigel.Metheringham@VData.co.uk ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]