Next: Electronic Mail Bombs
Up: E-Mail Bombs and Countermeasures:
Previous: E-Mail Bombs and Countermeasures:
Many variations of sendmail are used on a wide variety of systems on the
Internet to facilitate the exchange of electronic mail. The basic design requirement of
sendmail is simply this: no e-mail message should ever be lost.
Consequently, the sendmail algorithm is extremely robust. For example, if
the sendmail sending process cannot confirm that a message was
delivered, the process repeatedly attempts to deliver the message [1].
In fact, sendmail is so robust that if the delivery mechanism
times out when processing a large mailing list, some versions of sendmail return to the beginning of the list and resend the message to
everyone. At other times, however, sendmail has locked up when
attempting to deliver to non-compliant remote addresses, effectively
denying service to the remainder of the mail queue [1]. The
complexity and robustness of the sendmail algorithm make it very
difficult to defend against sendmail-based denial-of-service
attacks.

Figure 1: Sample Content of Covertly Distributed E-mail

During the first half of 1997, Langley Air Force Base was attacked repeatedly via
the Internet with a wide range of automated Simple Mail Transfer Protocol
(SMTP) mail bombs.
Most e-mail bombs have one primary objective: flood the e-mail server so
that it becomes unavailable or unserviceable.
These e-mail attacks may also be used to forge the identity of the attacker,
degrade the availability of communications systems, undermine the integrity of organizations, or
covertly distribute illicit material.
Langley AFB actively engaged in efforts to stop sendmail-based mail transfer agents (MTAs) from being used as
underground SMTP servers. E-mail servers were being used to distribute
pornography and other inappropriate e-mail, as illustrated in Figure 1.
Initial countermeasures to shunt the distribution of covert e-mail
resulted in large volumes of e-mail bombs directed at the MTA,
graphically illustrated in Figure 6, which became known as the
Langley Cyber Attack.

This paper describes the actual Langley Cyber Attack, e-mail bombing techniques,
mail-bombing tools, and countermeasures.
The following section provides a brief review of the technology and
an in-depth discussion of e-mail bombing techniques.
The Langley
Cyber Attack, the countermeasures used, and the early warning system
designed to alert against the attack are discussed in section III.
The cyber attack section also presents a brief analysis of the
results. For completeness, section IV contains a brief
discussion of cryptographic e-mail bomb countermeasures.
A sidebar gives an overview of a few
automated e-mail bombing programs widely available via the Internet.