[ngw] Mailbomb-Gwia hacked through telnet

David Clayton Davidc at epworth.org.au
Sun Dec 23 22:34:14 UTC 2001


We do a similar thing using BorderManager 3.5 as an incoming mail relay and we reject anything not addressed to our domain.

It works well in this regard, but because we accept all incoming mail to our domain we can't "bounce" mail to invalid user accounts, so mailing lists that use this method for identifying bad accounts and don't respect returned messages never stop sending to us!    :-(


Regards,

David Clayton
Infrastructure Planning & Projects Co-ordinator
Epworth Hospital, Phone +61-3-9426 6395, fax +61-3-9429 5659


>>> "Tony Vissoc" <tvissoc at scitexdpi.com> 21/12/2001 1:58:02 >>>
This is one reason we have a linux box receiving all our internet email.
 Outbound stuff goes direct, but inbound stops first at the linux box.

Tony

>>> chad at Capitalcityfruit.com 12/20/01 10:42AM >>>
The IP addresses change with every message.  I don't want to do a range
of IP addresses with the fear of blocking legitimate customers.

>>> ACQUISTJ at lan.newpaltz.edu 12/20/01 9:30:08 AM >>>
One might set up IP filters using Netware filters, and block certain IP
address(es) or ranges.

-----------------------------------------
Joe Acquisto
SUNY New Paltz
845-257-3134 (V)
845-257-6900 (F)
-----------------------------------------------------------------------------------------
Is a Patriot one who acts in fear to preserve his Country?
Or one who acts, at risk,  to extend his ideals to all?
----------------------------------------------------------------------------------------


>>> "Gordon Ross" <G.Ross at ccw.gov.uk> 12/20/01 10:24AM >>>
With GWise up to and including V5.x, GWIA will accept ANY message.
Later on in the processing, it will delete/ignore the message if the
message is a relay message and relaying is switched off.

With GW6, the GWIA checks the To and From field before it accepts the
full message. If it is a relay message, and relaying is switched off
then the GWIA will reject the message before receiving it.

When people say they "telnet in" and drop messages off, all they are
doing is manually connecting to the SMTP port on GWIA and manually
typing the SMTP commands to send the message. I often do this to test
things like message processing on my Unix hosts. You can't stop this,
except by stopping the SMTP service on the GWIA, which kind-of defeats
the point of having the GWIA in the first place.

GTG

>>> chad at Capitalcityfruit.com 20/12/2001 15:18:33 >>>
My email server was hit by a mailbomb the other day.  Apparently there
is a "feature" built into the gwia that allows you to Telnet directly
into the gwia and drop in messages.  This is supposed to be for testing.


The problem I am having is someone is telnetting into my gwia and
dropping in several thousand messages, using my server as a relay
server.  I have relaying disabled and I have gwia field test patch for
sp4 installed.

I am running GW 5.5 EP sp2.  Has anyone else had this problem or know
how to disable this feature?

I do have Guinevere set to delete the messages as they come in but,
this is still eating up bandwidth.  I want to prevent them from coming
in at all.

I saw a TID on Novell that describes a way to disable this "feature" in
GroupWise 6.  Can anyone confirm this?  Danita??

Thanks,

Chad





------------------------------------------------------------------------
[Confidentiality Notice]
------------------------------------------------------------------------
The information transmitted is intended only for the person or entity
to which it is addressed and may contain confidential and/or privileged
material.  Any review, retransmission, dissemination or other use of,
or taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.  If you
received this transmission in error, please contact the sender by reply
e-mail or by telephone (515-981-5111) and delete and destroy all copies
of the material, including all copies stored in the recipient's
computer, printed or saved to disk.

--
Visit http://www.ngwlist.com for help with the list.
Visit http://www.concentrico.net for GroupWise, NDS, or DirXML
development needs and product information.
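
Added example, not part of the original thread and not GWIA or BorderManager code: a small Python model of the two behaviours discussed above, a gateway that accepts every message and discards relay mail afterwards versus one that checks the recipient before the message body is sent, plus the unknown-user rejection that an accept-everything relay cannot give. The domain, mailbox list, session lines and reply texts are constructed assumptions.

```python
# Added example: envelope-time filtering at an inbound SMTP gateway.
# All domains, addresses and sizes are constructed sample values.
LOCAL_DOMAINS = {"example.org"}        # assumption: domains we accept mail for
VALID_USERS = {"alice@example.org"}    # assumption: exported list of real mailboxes


def rcpt_reply(rcpt, check_users=True):
    """SMTP reply a relay-disabled gateway gives to RCPT TO:<rcpt>."""
    addr = rcpt.strip().strip("<>").lower()
    local, _, domain = addr.rpartition("@")
    if not local or domain not in LOCAL_DOMAINS:
        return "550 5.7.1 Relaying denied"
    if check_users and addr not in VALID_USERS:
        return "550 5.1.1 User unknown"
    return "250 2.1.5 OK"


def run_session(commands, body, early_reject=True, check_users=True):
    """Replay one client session; return (transcript, body_bytes, deliver_to).

    early_reject=False: answer 250 to every RCPT, discard bad mail after DATA.
    early_reject=True:  refuse bad recipients before any message body is sent.
    """
    transcript, deliver, ok_count, received = [], [], 0, 0
    for line in commands:
        if line.upper().startswith("RCPT TO:"):
            rcpt = line.split(":", 1)[1]
            reply = rcpt_reply(rcpt, check_users)
            if reply.startswith("250"):
                deliver.append(rcpt)
            elif not early_reject:
                reply = "250 2.1.5 OK"  # accepted now, silently dropped later
            ok_count += reply.startswith("250")
        elif line.upper() == "DATA":
            if ok_count:
                reply, received = "354 Start mail input", len(body)
            else:
                reply = "554 5.5.1 No valid recipients"
        else:
            reply = "250 OK"
        transcript.append((line, reply))
    return transcript, received, deliver


SAMPLE = ["HELO bulk.example.net", "MAIL FROM:<a@bulk.example.net>",
          "RCPT TO:<someone@elsewhere.example>", "DATA"]

if __name__ == "__main__":
    for mode in (False, True):
        log, size, kept = run_session(SAMPLE, b"x" * 20000, early_reject=mode)
        print(f"early_reject={mode}: {size} body bytes received, deliver={kept}")
```

With `early_reject=False` the full body crosses the link before being dropped, which is the bandwidth cost described in the original post; with `early_reject=True` the session ends at the envelope stage.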

