>
http://www.remote.org/jochen/sec/hfpa/index.html
I was interested in the HTML Form Protocol Attack detailed in the above document and
pleased to see that exim should be resistant because it disconnects after a series
of invalid commands. (My tests indicate it takes 6 bad commands to get 3.33 to
disconnect.)
I am concerned that just disconnecting may result in a sending site re-connecting
straight away and causing a loop. An alternative would be to just dump any
further input until the sending site finishes and disconnects. If the sending site
thinks it has finished then it is more likely to go away.
I presume that in the case of the HTML based attack there would be no loop because
the web browser would not keep re-trying, but other situations might be different.
Am I being too pessimistic?
Phil.
---------------------------------------
Phil Chambers (postmaster@???)
University of Exeter
