[Mimedefang] OT: New Attack/Poor SPAMming programming?
David F. Skoll
dfs at roaringpenguin.com
Thu Jan 11 15:39:25 EST 2007
Ben Kamen wrote:
> Has anyone noticed this? I'm seeing a lot of open connections in
> Sendmail like this:
> sendmail: server 71-10-225-162.dhcp.oxfr.ma.charter.com [71.10.225.162]
> cmd read
Yep.
I've set this in sendmail.mc:
define(`confTO_COMMAND',`40s')
and haven't noticed any ill effects. It is a DoS waiting to happen,
because the default Timeout.command is 1 hour! If you want to kill
someone's machine, just open up lots of connections to port 25 and sit
doing nothing. If you have control of many zombie machines, you can
fill up the victim's process table in a trice while consuming almost
no resources on your botnet.
Regards,
David.
More information about the MIMEDefang
mailing list