Ronald F Guilmette <rfg@monkeys.com> writes:
> In light of this possibility, I want to ask you mailing list
> administrators to tell me (if you can) about any and all past
> experiences the list admin community might have with respect to directed
> attacks on legitimate mailing lists. Specifically, I would like to
> know:
> a) Is there any history or historical record of attacks made directly
> on mailing lists themselves, as opposed to individual subscribers?
> If so, please elaborate (at length). For example, have there ever
> been instances in which some miscreant has attempted to subscribe
> one mailing list to another and vise versa? If so, what happened,
> what was the final outcome, and what happened to the perpetrator?
This happened very recently to NANOG. The result is that there is now a
separate NANOG-post list and posts are not accepted from anyone not on
that list (which can be subscribed to in the normal fashion). So far as I
know, the perpetrator was never caught.
> b) Do existing mailing list administration packages cause all subscrip-
> tion requests to be archived (along with full headers) so that cases
> such as the one I just mentioned can be properly traced back to
> their true origin IP address?
No. majordomo, for one, doesn't retain any header information at all.
> c) What estimate would you give for the percentage of existing mailing
> lists whose subscription process is handled manually as opposed to
> fully automated?
For all mailing lists out there period? Probably 80% or more. For
mailing lists with over 200 people subscribed? Maybe 5-10%.
--
Russ Allbery (rra@stanford.edu) <URL:http://www.eyrie.org/~eagle/>
Follow-Ups:
References:
|
|
