Re: Mail Server testing

From: Volker Tanger (volker.tanger_at_discon.de)
Date: 05/14/03

  • Next message: Mark Ng: "RE: penetration test in a Windows 2000/NT network" 
    Date: Wed, 14 May 2003 10:22:23 +0200
To: Nicolas Gregoire <ngregoire@exaprobe.com>

    Greetings!

    On 13 May 2003 08:35:25 +0200 Nicolas Gregoire <ngregoire@exaprobe.com>
    wrote:

    > On Mon, 2003-05-12 at 05:39, per@same.net wrote:
    >
    > > * Zip-Of-Death. Make one huge (a couple of gigabytes) file and fill
    > > it with homogenous data, for instance only the character "a". Zip
    > > it. This will construct of a file that says "this files contains of
    > > 10(8) a:s" that is very small. Most modern mail content systems
    > > handles this today, some older might not.
    >
    > You should give a look to a file known as 42.zip :
    > http://www.securityfocus.com/bid/3027/exploit/
    >
    > "42.zip: ZIP archive, 42K, composed of nested zips (nested 6 levels
    > deep, each level 17 wide) - produces a file 4GB in size and will
    > reportedly crash 'most email virus checkers'"

    16 items each (not 17), 6 levels = 16^6 - giving 4 TB (TeraByte), not
    smallish Giga's... ;-)

    For Trend InterScan VirusWall solved in 2001/2002 - now it seems Trend
    unpacks the archive one file a time instead of unpacking all. Before
    Trend unpacked all. When that filled the disk, it removed the temp file
    and started over, effectively blocking one scanning thread. To block the
    Trend ISVW you'd had to send (quite) a number of those Monster42.ZIPs
    all simultaneously.

    Bye

    Volker Tanger

    IT-Security
    discon gmbh
    DeTeWe AG & Co. KG

    Fon +49 30 6104-3307
    Fax +49 30 6104-3435
    http://www.detewe.de/ 

    -- 
-------------------------------------------------------------------
Besuchen Sie unsere neuen Internet-Seiten http://www.detewe.de .
Neues Highlight: Wunschproduktberater fuer den Home & Office-Bereich.
Visit our new Internet Pages on http://www.detewe.de .
Our Highlight: Online Product Adviser for Home & Office.
(Currently available in German only)
---------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.
To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-pen-test
----------------------------------------------------------------------------
  • Next message: Mark Ng: "RE: penetration test in a Windows 2000/NT network"