Email attack could kill servers

scan pc for spyware or adware free

Email attacking servers


A crafty way of knocking out any email server using a few carefully
constructed emails has been identified by a team of computer security
experts.

The trick involves sending forged emails that contain thousands of
incorrect addresses in the "copy to" fields that are normally used to
send duplicate messages.

Researchers at UK-based NGSSoftware sent these emails to the largest
email servers on the internet, and found they could force huge
quantities of unwanted email to pour into another mail server of their
choice.

The exploit depends on finding a server configured to return an email
plus its attachments to each incorrect address. But this can be tested
by sending just a single message.

The next step is to forge an email so it appears to come from the mail
server that is to be the target of the attack. This is also relatively
simple trick. Finally, the forged email, complete with the thousands
of incorrect addresses is sent. The resulting avalanche of "bounced"
messages sent to the target server would almost certainly cause it to
crash, and leave its users without access to their mail.

"With one 10 kilobyte email I could then send 100 megabytes back to a
server of my choosing," says Gunter Ollman, one of the researchers who
identified the potential attack.

Fortune 500

The researchers tested the email servers of all Fortune 500 companies
and found that 30 per cent could be used to launch this type of
attack.

All email is sent across the internet using the Simple Mail Transfer
Protocol (SMTP), which stipulates that a notification should be sent
whenever a message with a bad address is received. There are numerous
different types of email server, however, which can all be configured
in various ways.

Ollman adds that using an insecure email server to send the initial
messages would make the attack virtually untraceable. "You can pretty
much do it anonymously," he told New Scientist.

It should be fairly simple to reconfigure mail servers so that they
are no longer vulnerable to this attack, but Ollman notes that is up
to each company to take this step:

"They all need to take a look at their mailing architecture," he says.
"It only takes two or of these companies for the attack to work."



Internet Security News Home

 

WorldsLargestNetwork.com




Scan Your PC for Spyware Free

PC Speed Boost

Create Website Easily

Computer Monitoring Software

Internet Education

Anti Spy Software

Stop Pop Ups

Pop-up Eliminator

Adware Removal

Computer Virus Software

Free Scan Spyware Remover

IT Training

Security Software

Security Solutions

Software Protection

Speed Up PC

Virus Protection

Web Safety

Adware Remover and Spyware Protection

Animated Desktop Characters

Anti Virus Software

Audioexam Study Guides in Mp3 Format

Internet Privacy

Detection Connection

Investigate Anyone or Anything

Password Protection Software

Securing Privacy

Spyware Remover





Best of the Web 1 | Best of the Web 2 | Best of the Web 3 | Best of the Web 4


Worlds Largest Network

Active © 2006; WorldsLargestNetwork.com ; Rights Reserved