Zip of Death attack

Julian Field jkf at ecs.soton.ac.uk
Sat Sep 1 20:33:42 IST 2001


Well, we've just had our first "zip of death" denial of service attack. An
email message had a file called "42.zip" attached to it (42,374 bytes long)
which would have required 53,000 Tbytes of storage to unpack.

Interestingly, Sophos didn't run out of memory or disk space or anything
like that, so at least it didn't take the server out. However, it just went
away to scan the file for a *very* long time (I killed it after several
hours). I killed the "sweep" process that was trying to scan it and
MailScanner picked up where it left off, scanning the rest of the queue.

Not perfect, so I may have a go at Sophos about their software's behaviour
in this situation...
--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ
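
The failure described in the message above, a scanner left to unpack a tiny attachment that expands enormously, can be avoided by checking an archive against a budget before scanning it. The following is an added example, not part of the original post and not MailScanner or Sophos code; the limits and the names `check_zip`, `ArchiveRejected` and `make_zip` are assumptions chosen for illustration.

```python
import io
import zipfile

# Assumed policy limits for illustration; tune for your own mail gateway.
MAX_TOTAL = 100 * 1024 * 1024  # unpacked bytes allowed per attachment, all levels
MAX_RATIO = 200                # declared unpacked/packed ratio allowed per member
MAX_DEPTH = 3                  # levels of archive-inside-archive allowed

class ArchiveRejected(Exception):
    """Attachment should be quarantined instead of being handed to the scanner."""

def check_zip(data, depth=0, budget=None):
    """Return total unpacked bytes across all nesting levels, or raise."""
    budget = [MAX_TOTAL] if budget is None else budget  # shared across recursion
    if depth > MAX_DEPTH:
        raise ArchiveRejected("archive nesting too deep")
    total = 0
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # Cheap check first: sizes declared in the central directory.
                if info.file_size > MAX_RATIO * max(info.compress_size, 1):
                    raise ArchiveRejected(f"{info.filename}: expansion ratio too high")
                # Stream the member, charging real bytes against the budget.
                buf = bytearray()
                with zf.open(info) as fh:
                    while chunk := fh.read(64 * 1024):
                        budget[0] -= len(chunk)
                        if budget[0] < 0:
                            raise ArchiveRejected("unpacked size exceeds budget")
                        buf += chunk
                total += len(buf)
                if zipfile.is_zipfile(io.BytesIO(buf)):
                    total += check_zip(bytes(buf), depth + 1, budget)
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError) as exc:
        # Corrupt, encrypted or unsupported members cannot be inspected.
        raise ArchiveRejected(f"cannot inspect archive: {exc}") from exc
    return total

def make_zip(name, payload):
    """Build a small constructed sample archive in memory."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return out.getvalue()
```

The ratio test runs on the declared sizes before any data is decompressed, so an over-limit member is rejected without being unpacked; the streamed byte count and the depth limit bound the work for archives that pass it.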


