Peter di Camillo has the right address here if you want to pursue the issue
until you get stung.
-- Paul.

> There's no puzzle here except which account at io.org is responsible
> for the problem. Here's a copy of the information I posted to
> LSTSRV-L about it last night.
>
> ------------------
>
> On 7 Jul 1995 at 11:17:05 Jeff Kell wrote:
> >Apparently a mass "subscription spam" was sent to LISTSERV@BROWNVM to
> >accomplish this mess as all of the console entries show that the mail
> >requests were forwarded from LISTSERV@BROWNVM (and given the propagation
> >delays in Bitnet, it would explain the length of time involved):
> >
> >7 Jul 1995 04:21:15 From LISTSERV@BROWNVM: X-FOR FWDED=2 [log in to unmask] SUBSCRIBE
> >7 Jul 1995 04:21:16 To [log in to unmask]: You have been added to the HP3000-L list.
> >7 Jul 1995 04:21:16 Sent information mail to [log in to unmask]
> >7 Jul 1995 04:21:17 Sent information mail to JEFF@UTCVM
> >7 Jul 1995 04:21:17 Sent information mail to [log in to unmask]
> >
> >I am sending a copy of this mail to BROWNVM's postmaster/Listserv owner
> >and hope they can find something in their logs to indicate the true
> >origin of this attack. The files DID come from BROWNVM (received by
> >Listserv from RSCS, MAILER was not involved and thus no mail spoof here).
>
> I checked our log files, and did find some information. Our SMTP server
> (brownvm.brown.edu) received 16 pieces of mail from io.org between 7/6/95
> at 23:41 and 7/7/95 at 03:15. Here's a typical log entry:
>
> 07/07/95 00:20:34 TCP (3) Helo Domain: io.org 142.77.70.2
> 07/07/95 00:20:36 Received Note 12462468 via TCP (3) From <[log in to unmask]>
>
> The mail was all addressed to LISTSERV, and contained hundreds of
> subscription requests for addresses not at io.org. There seems little
> doubt the mail was forged in order to inundate those addresses with
> mail. Here are the addresses that were forged:
>
> [log in to unmask]
> [log in to unmask]
> [log in to unmask]
> [log in to unmask]
> [log in to unmask]
> [log in to unmask]
> [log in to unmask]
> [log in to unmask]
>
> I'll keep the log files for a few days, in case someone wants more
> detailed information. I'm sending a copy of this mail to the site
> contact at io.org, in case he can track down who did this. If he
> has logs, it shouldn't be too hard, since brownvm.brown.edu received
> no other mail from io.org during that time period.
>
> ------------------
>
> This happened again tonight in the last couple hours with the following
> addresses:
>
> [log in to unmask]
> [log in to unmask]
> [log in to unmask]
> [log in to unmask]
> [log in to unmask]
> [log in to unmask]
>
> Also, in addition to subscribe commands, review commands are also
> being forged. However he's doing it, he managed to get Listserv here
> to have about 7000 PUN files with 2-line jobs for subscribe and review
> commands.
>
> Peter
>
--
Dr. Paul S. di Virgilio, University of Toronto [log in to unmask]
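
Added example, not part of the original messages and not code from any site named in them: a Python sketch of the log correlation described in the quoted report, which attributes each "Received Note" entry to the HELO domain seen on the same TCP number and flags peers that deliver a burst of notes inside a time window. The log lines are constructed in the two-line format quoted above; reading the number in parentheses as a connection identifier, and the threshold and window values, are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

HELO = re.compile(r"^(\S+ \S+) TCP \((\d+)\) Helo Domain: (\S+) (\S+)$")
NOTE = re.compile(r"^(\S+ \S+) Received Note (\d+) via TCP \((\d+)\) From <([^>]*)>$")

# Constructed sample log (hypothetical hosts and addresses, not real data).
SAMPLE_LOG = """\
07/06/95 23:41:02 TCP (3) Helo Domain: bulk.example 192.0.2.10
07/06/95 23:41:05 Received Note 10000001 via TCP (3) From <user1@bulk.example>
07/07/95 00:20:34 TCP (3) Helo Domain: bulk.example 192.0.2.10
07/07/95 00:20:36 Received Note 10000002 via TCP (3) From <user1@bulk.example>
07/07/95 01:02:10 TCP (4) Helo Domain: other.example 198.51.100.7
07/07/95 01:02:12 Received Note 10000003 via TCP (4) From <alice@other.example>
07/07/95 02:10:00 TCP (3) Helo Domain: bulk.example 192.0.2.10
07/07/95 02:10:03 Received Note 10000004 via TCP (3) From <user1@bulk.example>
07/07/95 03:15:40 TCP (3) Helo Domain: bulk.example 192.0.2.10
07/07/95 03:15:44 Received Note 10000005 via TCP (3) From <user1@bulk.example>
"""

def notes_by_helo(lines):
    """Group received notes by the (HELO domain, IP) last seen on their TCP number."""
    conn = {}                      # TCP number -> (domain, ip) from the latest HELO
    notes = defaultdict(list)      # (domain, ip) -> [(timestamp, note id, sender)]
    for line in lines:
        line = line.strip()
        if m := HELO.match(line):
            conn[m.group(2)] = (m.group(3).lower(), m.group(4))
        elif m := NOTE.match(line):
            ts = datetime.strptime(m.group(1), "%m/%d/%y %H:%M:%S")
            peer = conn.get(m.group(3), ("unknown", "unknown"))
            notes[peer].append((ts, m.group(2), m.group(4)))
    return notes

def flag_bursts(notes, threshold, window):
    """Return {peer: peak count} for peers with >= threshold notes inside window."""
    flagged = {}
    for peer, items in notes.items():
        times = sorted(t for t, _, _ in items)
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window start forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[peer] = best
    return flagged

if __name__ == "__main__":
    print(flag_bursts(notes_by_helo(SAMPLE_LOG.splitlines()), 4, timedelta(hours=4)))
```
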