Vulnerability Development: SMTP non delivery notification DoS/DDoS Attacks

From: Stefan Frei <stefan.frei_at_techzoom.net>
Date: Mon, 5 Apr 2004 19:07:45 +0000

Dear list members,

My colleagues and I have been doing some research into mail-related vulnerabilities over the last month or two. We discovered that a problem exists within the way non-delivery notifications are sent from many SMTP mail servers. This problem can be successfully (and rather easily) turned into an effective denial of service (DoS). The vulnerability affects many of the popular SMTP commercial offerings, but is dependent upon their configuration. In general, larger organisations tend to be more vulnerable.

The authors had planned on releasing this analysis after the Easter break. Unfortunately we have noticed that a popular vulnerability discussion forum has already begun discussing the vulnerability in such a fashion which may lead to attacks over the long weekend. Therefore we have found it necessary to release the paper sooner in an effort to allow developers and administrators to secure their SMTP mail services in time.

This vulnerability appears to affect around 30% of our main study group (the Fortune 500), and has significance to all essential e-mail communications. The authors have proved that this vulnerability can be easily exploited and can be used to DoS almost any SMTP service on the Internet. By utilising multiple vulnerable SMTP servers, a distributed DoS is possible, and can be used to cause the loss of mail services (and in extreme cases all Internet connectivity) to any organisation.

Paper Abstract:
Analysis of e-mail non-delivery receipt handling by live Internet-bound e-mail servers has revealed a common implementation fault that could form the basis of a new range of DoS attacks. Our research in the field of e-mail delivery revealed that mail servers may respond to mail delivery failure with as many non-delivery reports as there are undeliverable Cc: and Bcc: addresses contained in the original e-mail. Non-delivery notification e-mails generated by these systems often include a full copy of the original e-mail sent in addition to any original file attachments. This behaviour allows malicious users to leverage these mail server implementations as force multipliers and flood any target e-mail system or account.

The paper is available from:

http://www.techzoom.net/mailbomb

--
best regards 
Stefan Frei
--------------------------------------------------------------
frei_at_techzoom.net [techzoom.net]
--
Received on Apr 05 2004
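
One way a mail server could avoid acting as the force multiplier the abstract describes, as an added example that is not from the post or the paper: it builds a single RFC 3464 delivery status notification listing every failed recipient and returns only the original headers, then compares its size with one full-copy report per address. The host names, function names and sample message are constructed for illustration.

```python
import re
from email.message import Message
from email.mime.base import MIMEBase
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

REPORTING_MTA = "relay.example"  # hypothetical host name (assumption)

def build_single_dsn(raw: bytes, envelope_from: str, failed: list[str]) -> bytes:
    """One RFC 3464 report covering every failed recipient, original headers only."""
    dsn = MIMEMultipart("report", report_type="delivery-status")
    dsn["From"] = f"MAILER-DAEMON@{REPORTING_MTA}"
    dsn["To"] = envelope_from
    dsn["Subject"] = "Undelivered mail returned to sender"
    dsn["Auto-Submitted"] = "auto-replied"
    dsn.attach(MIMEText(f"Delivery failed for {len(failed)} recipient(s).\n"))
    # Machine-readable part: one per-message block, then one block per recipient.
    status = MIMEBase("message", "delivery-status")
    per_message = Message()
    per_message["Reporting-MTA"] = f"dns; {REPORTING_MTA}"
    status.attach(per_message)
    for rcpt in failed:
        block = Message()
        block["Final-Recipient"] = f"rfc822; {rcpt}"
        block["Action"] = "failed"
        block["Status"] = "5.1.1"
        status.attach(block)
    dsn.attach(status)
    # Return the original headers only: no body, no attachments.
    headers = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    dsn.attach(MIMEText(headers.decode("ascii", "replace"), "rfc822-headers"))
    return dsn.as_bytes()

def bytes_returned(raw: bytes, envelope_from: str, failed: list[str]) -> tuple[int, int]:
    """(lower bound for one full-copy NDR per failed address, consolidated DSN size)."""
    return len(failed) * len(raw), len(build_single_dsn(raw, envelope_from, failed))

# Constructed sample: 50 undeliverable Cc: addresses and a 20 KB body.
SAMPLE_FAILED = [f"nouser{i}@relay.example" for i in range(50)]
SAMPLE_RAW = (
    b"From: sender@origin.example\r\nTo: postmaster@relay.example\r\nCc: "
    + ",\r\n ".join(SAMPLE_FAILED).encode()
    + b"\r\nSubject: constructed sample\r\n\r\n"
    + b"BODY-MARKER " + b"x" * 20000
)

if __name__ == "__main__":
    naive, single = bytes_returned(SAMPLE_RAW, "sender@origin.example", SAMPLE_FAILED)
    print(f"per-recipient full copies: >= {naive} bytes; single DSN: {single} bytes")
```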