How to automate a DoS attack using the Post Office
By John Leyden
Posted: 14/04/2003
Fancy taking revenge on someone you don't like by deluging someone with junk mail?
A little bit of knowledge can go a long way. Thanks to the increased readiness of companies to send out brochures and magazines to anyone who bothers to register online, the US Postal Service can become the agent of denial of service attacks.
This much is well known, but a recent paper by security researchers Simon Byers, Aviel Rubin and Dave Kormann demonstrates how to automate this attack.
If you type the following search string into Google -- "request catalogue name
address city state zip" -- you'll get links to over thousands of Web forms where
you can type in your information and receive a catalogue in the mail.
It'd be a tedious business to fill out many forms.
But anyone
with a modest amount of programming skills, and a target's snail mail address,
can automate the attack and deluge their victims with junk mail.
Last
December, self-styled "spam king" Alan Ralsky let slip his snail-mail address.
Internet activists seized on this information to deluge him with unwanted snail
mail.
Within weeks he was getting hundreds of pounds of junk mail per
day and was unable to find his real mail amongst the deluge.
A
pleasantly ironic attack, made all the more satisfying by Ralsky's outraged
reaction.
