spammer using cancel evading technique
Tomasz R. Surmacz
tsurmacz at ict.pwr.wroc.pl
Thu Dec 4 12:57:55 UTC 2003
Paul Tomblin wrote on Wed, Dec 03, 2003 at 10:06:34PM -0500:
> Quoting Tomasz R. Surmacz (tsurmacz at ict.pwr.wroc.pl):
> > The convention of using <cancel.MSGID> allows multiple bots to cooperate
> > without generating tons of unnecessary messages. But this works on an
> > assumption, that the cancel message will eventually hit all servers,
> > from one bot or another. If somebody is poisoning news servers with
> So somebody needs to make a smarter bot that if it sees cancel.foo in
> history, but but foo is still uncancelled, it issues a cancel_1.foo (but
> only if cancel_1.foo isn't in the history as well).
This will only escalate problem with race between bots creating more
cancel messages and spammers creating more forged cancels.
Making sure that <cancel.MSGID> really cancels <MSGID> otherwise it is
not accepted, will solve it permanently.
(_ _' __) Tomasz R. Surmacz, tsurmacz#ict.pwr.wroc.pl
| (__ \ The wonderful thing about standards is that
|__(____/ there are so many of them to choose from.
More information about the inn-bugs