spammer using cancel evading technique

Tomasz R. Surmacz tsurmacz at ict.pwr.wroc.pl
Thu Dec 4 12:57:55 UTC 2003


Paul Tomblin wrote on Wed, Dec 03, 2003 at 10:06:34PM -0500:
> Quoting Tomasz R. Surmacz (tsurmacz at ict.pwr.wroc.pl):
> > The convention of using <cancel.MSGID> allows multiple bots to cooperate
> > without generating tons of unnecessary messages. But this works on an
> > assumption, that the cancel message will eventually hit all servers,
> > from one bot or another. If somebody is poisoning news servers with
> 
> So somebody needs to make a smarter bot that if it sees cancel.foo in
> history, but but foo is still uncancelled, it issues a cancel_1.foo (but
> only if cancel_1.foo isn't in the history as well).

This will only escalate problem with race between bots creating more
cancel messages and spammers creating more forged cancels.
Making sure that <cancel.MSGID> really cancels <MSGID> otherwise it is
not accepted, will solve it permanently.

Tomasz

-- 
 _________
(_   _' __) Tomasz R. Surmacz, tsurmacz#ict.pwr.wroc.pl
  |  (__  \ The wonderful thing about standards is that
  |__(____/ there are so many of them to choose from.


More information about the inn-bugs mailing list