Re: Mail Server testing

From: Volker Tanger (volker.tanger@discon.de)
Date: Wed May 14 2003 - 04:22:23 EDT


Greetings!

On 13 May 2003 08:35:25 +0200 Nicolas Gregoire <ngregoire@exaprobe.com>
wrote:

> On Mon, 2003-05-12 at 05:39, per@same.net wrote:
>
> > * Zip-Of-Death. Make one huge (a couple of gigabytes) file and fill
> > it with homogenous data, for instance only the character "a". Zip
> > it. This will construct of a file that says "this files contains of
> > 10(8) a:s" that is very small. Most modern mail content systems
> > handles this today, some older might not.
>
> You should give a look to a file known as 42.zip :
> http://www.securityfocus.com/bid/3027/exploit/
>
> "42.zip: ZIP archive, 42K, composed of nested zips (nested 6 levels
> deep, each level 17 wide) - produces a file 4GB in size and will
> reportedly crash 'most email virus checkers'"

16 items each (not 17), 6 levels = 16^6 - giving 4 TB (TeraByte), not
smallish Giga's... ;-)

For Trend InterScan VirusWall solved in 2001/2002 - now it seems Trend
unpacks the archive one file a time instead of unpacking all. Before
Trend unpacked all. When that filled the disk, it removed the temp file
and started over, effectively blocking one scanning thread. To block the
Trend ISVW you'd had to send (quite) a number of those Monster42.ZIPs
all simultaneously.

Bye

Volker Tanger

IT-Security
discon gmbh
DeTeWe AG & Co. KG

Fon +49 30 6104-3307
Fax +49 30 6104-3435
http://www.detewe.de/

-- 
-------------------------------------------------------------------
Besuchen Sie unsere neuen Internet-Seiten http://www.detewe.de .
Neues Highlight: Wunschproduktberater fuer den Home & Office-Bereich.
Visit our new Internet Pages on http://www.detewe.de .
Our Highlight: Online Product Adviser for Home & Office.
(Currently available in German only)
---------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.
To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-pen-test
----------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:33 EDT