mailing list archives
Re: Possible Gauntlet DoS
From: mcmahon () WWSI COM (John J. McMahon)
Date: Thu, 24 Jul 1997 13:09:07 -0400
This is a multi-part message in MIME format.
Content-Type: text/plain; charset=us-ascii
Hello, I recently had a problem while testing some security startegies on
our internal network. The problem in a nutshell was that our Gauntlet
firewall bastion host was bouncing all mail originating from inside the
firewall. (I'm not sure if it bounced all incomming mail or not, I
believe that at a certain point it more than likely did).
Keep in mind that Gauntlet smap/smapd is a front end for sendmail.
It expects to send mail via SMTP to an internal mail hub, and it
is the responsibility of the internal mail hub to handle the
mail properly. What appears to occur here is the dud mail message
is redelivered to the LAN host (likely addressed
to: trashaddress () localdomain) which should then cause the message to
bounce. The bounce should go to jim () realdomain com, which the
LAN server should drop. Instead it tries to send it back to
the Firewall. Rinse, Lather, Repeat...
I'd suggest grabbing some of the bounces and forwarding them to
gauntlet-support. They are pretty good at diagnosis and sendmail
(ex-Gauntlet Support Goon)
John "FuzzFace" McMahon, Director of Internet Technologies
Worldwide Solutions, Inc. Sterling, Virginia
mailto:mcmahon () wwsi com +1.303.581.0800 http://www.wwsi.com/
Content-Type: text/x-vcard; charset=us-ascii; name="vcard.vcf"
Content-Description: Card for John McMahon
Content-Disposition: attachment; filename="vcard.vcf"
fn: John McMahon
org: <IMG SRC="http://www.wwsi.com/logo.gif" ALT="Worldwide Solutions Inc.">
adr: 46883 Rabbitrun Terrace ;;;Sterling;VA;20164;USA
email;internet: mcmahon () wwsi com
title: Director, Internet Technologies
- Possible Gauntlet DoS Jimmy L. Alderson (Jul 24)
- <Possible follow-ups>
- Re: Possible Gauntlet DoS John J. McMahon (Jul 24)