usefor-article-03 February 2000
9.1. Attacks
The two categories of attack that news is most vulnerable to are
Denial-of-Service and exploitations of particular implementations.
Many have argued that "spam", massively crossposted or reposted
articles, constitutes a DoS attack in its own right. This may be so.

Sending off-topic messages is a matter for individual hierarchies and
newsgroups to control. It is a violation of this standard to "forge"
an email address, that is, to use a valid email address which you are
not entitled to use. All invalid email addresses used in headers MUST
end in the ".invalid" top-level domain. This facility is provided
primarily for those who wish to remain anonymous, but do not care to
take the additional precautions of using more sophisticated anonymity
measures.

It is possible that legal penalties may apply to sending unsolicited
commercial email and/or news articles. Check with your local legal
authorities.
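
The ".invalid" rule above is something a posting or reading agent can check mechanically before it treats a header address as mailable. The following is an added example, not part of the draft: the header set, the function names and the sample article are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Address-bearing headers checked here (an assumed set for this example).
ADDRESS_HEADERS = ("From", "Sender", "Reply-To")

# Constructed sample article; every address in it is made up.
SAMPLE_ARTICLE = (
    "From: Jane Poster <jane@nospam.example.INVALID>\n"
    "Reply-To: jane@example.invalid.example.com\n"
    "Newsgroups: misc.test\n"
    "Subject: test\n"
    "\n"
    "body\n"
)


def is_declared_invalid(addr):
    """True if the address's domain ends in the ".invalid" top-level domain."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local:
        return False  # no "@" or empty local part: not an address at all
    # Domain names are case-insensitive and may carry a trailing root dot.
    labels = domain.lower().rstrip(".").split(".")
    # Only the last label counts: "example.invalid.example.com" is under
    # "com", and ".invalid" inside the local part proves nothing.
    return labels[-1] == "invalid"


def classify_article(raw):
    """Map (header, address) to 'declared-invalid' or 'claims-valid'."""
    msg = message_from_string(raw)
    verdicts = {}
    for name in ADDRESS_HEADERS:
        for _display, addr in getaddresses(msg.get_all(name, [])):
            if not addr:
                continue
            # 'claims-valid' only means the poster did not mark the address
            # as invalid; entitlement to use it cannot be checked here.
            declared = is_declared_invalid(addr)
            verdicts[(name, addr)] = (
                "declared-invalid" if declared else "claims-valid"
            )
    return verdicts


if __name__ == "__main__":
    for key, verdict in classify_article(SAMPLE_ARTICLE).items():
        print(key, verdict)
```

A reading agent can use the "declared-invalid" verdict to avoid offering reply-by-mail to an address that can never be delivered.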
#Diff to first older
--- ../s-o-1036/Attacks.out June 1994
+++ ../usefor-article-03/Attacks.out February 2000
@@ -1,68 +1,20 @@
-11.2. Attacks
+9.1. Attacks
-Although the limitations of the medium restrict what can be
-done to attack a host via news, some possibilities exist,
-most of them problems news shares with mail.
-
-If reading agents are careless about transmitting non-
-printable characters to output devices, malicious posters
-may post articles containing control sequences ("letter-
-bombs") meant to have various destructive effects on output
-devices. Possible effects depend on the device, but they
-can include hardware damage (e.g. by repeated writing of
-values into configuration memories that can tolerate only a
-limited number of write cycles) and security violation (e.g.
-by reprogramming function keys potentially used by privi-
-leged readers).
-
-A more sophisticated variation on the letterbomb is inclu-
-sion of "Trojan horses" in programs. Obviously, readers
-must be cautious about using software found in news, but
-more subtly, reading agents must also exercise care. MIME
-messages can include material that is executable in some
-sense, such as PostScript documents (which are programs!),
-and letterbombs may be introduced into such material.
-
-Given the presence of finite resources and other software
-limitations, some degree of system disruption can be
-achieved by posting otherwise-innocent material in great
-volume, either in single huge articles (see section 4.6) or
-in a stream of modest-sized articles. (Some would say that
-the steady growth of Usenet volume constitutes a subtle and
-unintentional attack of the latter type; certainly it can
-have disruptive effects if administrators are inattentive.)
-Systems need some ability to cope with surges, because sin-
-gle huge articles occur occasionally as the result of soft-
-ware error, innocent misunderstanding, or deliberate malice,
-and downtime at upstream hosts can cause droughts, followed
-by floods, of legitimate articles. (There is also a certain
-amount of normal variation; for example, Usenet traffic is
-noticeably lighter on weekends and during Christmas holi-
-days, and rises noticeably at the start of the school term
-of North American universities.) However, a site that
-
-INTERNET DRAFT to be NEWS sec. 11.2
-
-
-normally receives little traffic may be quite vulnerable to
-"swamping" attack if its software is insufficiently careful.
-
-In general, careless implementation may open doors that are
-not intrinsic to news. In particular, implementation of
-control messages (see sections 6.6 and 7) and unbatchers
-(see section 8.1 and 8.2) via a command interpreter requires
-substantial precautions to ensure that only the intended
-capabilities are available. Care must also be taken that
-article-supplied text is not fed to programs that have
-escapes to command interpreters.
-
-Finally, there is considerable potential for malice in the
-sendsys, version, and whogets control messages. They are
-not harmful to the hosts receiving them as news, but they
-can be used to enlist those hosts (by the thousands) as
-unwitting allies in a mail-swamping attack on a victim who
-may not even receive news. The precautions discussed in
-section 7.5 can reduce the potential for such attacks con-
-siderably, but the hazard cannot be eliminated as long as
-these control messages exist.
+ The two categories of attack that news is most vulnerable to are
+ Denial-of-Service and exploitations of particular implementations.
+ Many have argued that "spam", massively crossposted or reposted
+ articles constitutes a DoS attack in its own regard. This may be so.
+
+ Sending off-topic messages is a matter for individual hierarchies and
+ newsgroups to control. It is a violation of this standard to "forge"
+ an email address, that is, to use a valid email address which you are
+ not entitled to use. All invalid email addresses used in headers MUST
+ end in the ".invalid" top-level-domain. This facility is provided
+ primarily for those who wish to remain anonymous, but do not care to
+ take the additional precautions of using more sophisticated anonymity
+ measures.
+
+ It is possible that legal penalties may apply to sending unsolicited
+ commercial email and/or news articles. Check with your local legal
+ authorities.
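
Review bot: The new text names "exploitations of particular implementations" as one of the two main attack categories but, unlike the 68 lines it replaces, never says what those are. The removed paragraphs on control sequences reaching output devices, executable material such as PostScript in MIME messages, control messages and unbatchers implemented via a command interpreter, and sendsys/version/whogets being used for mail-swamping are all dropped with no replacement or cross-reference. Suggest keeping at least the command-interpreter and control-message warnings, or pointing to the section that now covers them. Separately, the sentence "All invalid email addresses used in headers MUST end in the ".invalid" top-level-domain" does not define which addresses count as "invalid", so the requirement is hard to test as written.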