At 10:25 PM 1/12/96 GMT, John Lull wrote:
On Fri, 12 Jan 1996 10:55:12 -0800, you wrote:
Cypherpunks: is there any way to respond to, or prevent, this sort of attack short of actually shutting down the remailer?
Yes, very simply.
The remailer could calculate a hash for the body of each encrypted message received (the same portion which will be decrypted by PGP), tabulate the last few thousand hashes, and simply discard any messages with a duplicate hash. The target of the attack would receive only the first copy of the message.
I am afraid it is not that simple. Remember that the mailbombing consists of many, many horny little geeks responding to a single message. They are replying to the same message (and probibly adding a few "me too!" lines), not mailing the same one over and over again. Another idea would be to keep a md5 (or other) hash list of the reply block used and have a disabled list for such spam attacks. (Unfortunatly this requires code, thus time.) Pretty nasty variation on a "denial of service" attack. What next? Fake "David Rhodes does e-cash" messages with the target's e-mail address? Alan Olsen -- alano@teleport.com -- Contract Web Design & Instruction `finger -l alano@teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "Is the operating system half NT or half full?"