In the May '96 issue of Computer Security Alert, Padgett Peterson provides an explanation of how mail bombing is done. It's on page 3 under the "E-mail Security" column with the headline "Mad Bombers on the Net." In the article, Padgett explains the three "stages" of mail bombing: First is to send ungodly amounts of mail from you to the target, the next is to post something offensive under a forged ID to one or more of the "less ruly" [his words] USENET groups, such as alt.2600 or alt.tasteless [his citations], and the third is to subscribe people to mailing lists against their will using forged e-mail. Naturally, Padgett (bless his twisted little mind) indicates that the most severe results can be achieved by sending forged subscription requests to "the larger listservers such as cypherpunks", that generate in excess of a hundred messages a day. Since hackers and wannabes probably read INFOSEC publications with more zeal than do INFOSEC practitioners, I'd say we're likely to be in for even more of the "I don't want to be on this list" sorts of traffic. And Padgett, next time you get interviewed on mail bombing by the press, why don't you point them to "The KISS Army Mailing List," or something of that sort? ------------------------------------------------------------------------- | Liberty is truly dead |Mark Aldrich | | when the slaves are willing |GRCI INFOSEC Engineering | | to forge their own chains. |maldrich@grci.com | | STOP THE CDA NOW! |MAldrich@dockmaster.ncsc.mil | |_______________________________________________________________________| |The author is PGP Empowered. Public key at: finger maldrich@grci.com | | The opinions expressed herein are strictly those of the author | | and my employer gets no credit for them whatsoever. | -------------------------------------------------------------------------