Hey Hey,

I did a few searches and didn't see this posted, so I thought I'd throw it up here.

I just recieved a new email from the vuln-dev digtest and it seems pretty interesting.

Apparently a good chunk (I believe it was around 30% when dealing with Fortune 500 companies) of mail servers will respond with NDNs (Non-Delivery Notifications) if the user doesn't exist. The problem lies in the fact that the server will reply once for each non-existant user in the CC and BCC fields. The NDNs will also include the original message and attachments. If you send one email to 50 invalid users each with a 100K attachment, you lead to the possibility of having 50 emails and 5M of attachments returned to you. That alone would fill the average users mailbox. Now image if you had a mailbomber that spoofed the address or the reply to address. The numbers in the whitepaper are rather large, with a possible data multiplier of over 300, just over 3.5M sent (3.6 to be exact) and 1.1G recieved on the other end. The possibilities for a large DoS or a DDoS (through email virus or worms) is almost endless.

An info page regarding this is: http://www.techzoom.net/paper-mailbomb.asp
The Whitepaper itself is at: http://www.techzoom.net/paper-mailbomb.asp?id=mailbomb

I found it to be a rather interesting read. I'd love to hear other people's opinions. Especially from some of our more well known seniors who stay up-to-date on vulns and usually have more information than the rest of us minions.

Peace,
HT

[Edit]
I attached the whitepaper below
[/Edit]