Bugtraq mailing list archives

Re: Possible Gauntlet DoS
From: mcmahon () WWSI COM (John J. McMahon)
Date: Thu, 24 Jul 1997 13:09:07 -0400



Hello, I recently had a problem while testing some security strategies on
our internal network.  The problem in a nutshell was that our Gauntlet
firewall bastion host was bouncing all mail originating from inside the
firewall.  (I'm not sure if it bounced all incoming mail or not, I
believe that at a certain point it more than likely did).

Keep in mind that Gauntlet smap/smapd is a front end for sendmail.
It expects to send mail via SMTP to an internal mail hub, and it
is the responsibility of the internal mail hub to handle the
mail properly.  What appears to occur here is the dud mail message
is redelivered to the LAN host (likely addressed
to: trashaddress () localdomain) which should then cause the message to
bounce.  The bounce should go to jim () realdomain com, which the
LAN server should drop.  Instead it tries to send it back to
the Firewall.  Rinse, Lather, Repeat...

I'd suggest grabbing some of the bounces and forwarding them to
gauntlet-support.  They are pretty good at diagnosis and sendmail
diagnosis.

Cheers,
Fuzz
(ex-Gauntlet Support Goon)

--
John "FuzzFace" McMahon, Director of Internet Technologies
Worldwide Solutions, Inc.                             Sterling, Virginia
mailto:mcmahon () wwsi com       +1.303.581.0800       http://www.wwsi.com/
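
The firewall-to-hub ping-pong described in the reply above leaves a trace in the Received headers of each bounce. The following Python is an added example, not part of the original post and not Gauntlet or sendmail code: it extracts the relay path from a bounce and reports a repeating host cycle. The host names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: a bounce that has ping-ponged between a firewall and
# an internal hub. Host names are hypothetical, not taken from the post.
SAMPLE = """\
Received: from hub.example.internal by fw.example.com; Thu, 24 Jul 1997 13:04:00 -0400
Received: from fw.example.com by hub.example.internal; Thu, 24 Jul 1997 13:03:00 -0400
Received: from hub.example.internal by fw.example.com; Thu, 24 Jul 1997 13:02:00 -0400
Received: from fw.example.com by hub.example.internal; Thu, 24 Jul 1997 13:01:00 -0400
From: MAILER-DAEMON@hub.example.internal
To: jim@realdomain.example
Subject: Returned mail: User unknown

(body omitted)
"""

# The "by <host>" clause names the server that accepted the message at a hop.
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)

def relay_path(raw):
    """Return the hosts that accepted the message, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    for header in msg.get_all("Received", []):
        m = BY_HOST.search(header)
        if m:
            hops.append(m.group(1).lower().rstrip("."))
    hops.reverse()  # each relay prepends its header, so the newest is first
    return hops

def find_loop(hops, min_repeats=2):
    """Return (cycle, repeats) if the end of the path repeats, else None."""
    n = len(hops)
    for size in range(1, n // min_repeats + 1):
        cycle = hops[n - size:]
        repeats = 1
        # Walk backwards in blocks of `size` while each block equals the cycle.
        while (n - size * (repeats + 1) >= 0 and
               hops[n - size * (repeats + 1): n - size * repeats] == cycle):
            repeats += 1
        if repeats >= min_repeats:
            return cycle, repeats
    return None

if __name__ == "__main__":
    print(find_loop(relay_path(SAMPLE)))
```
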




Current thread:
  • Possible Gauntlet DoS Jimmy L. Alderson (Jul 24)
    • <Possible follow-ups>
    • Re: Possible Gauntlet DoS John J. McMahon (Jul 24)