LSTOWN-L Archives

LISTSERV List Owners' Forum

"P. Divirgilio" <[log in to unmask]>
Sat, 8 Jul 1995 23:11:13 -0400
Peter di Camillo has the right address here if you want to pursue the
issue until you get stung. -- Paul.
 
> There's no puzzle here except which account at io.org is responsible
> for the problem.  Here's a copy of the information I posted to
> LSTSRV-L about it last night.
>
> ------------------
>
> On 7 Jul 1995 at 11:17:05 Jeff Kell wrote:
> >Apparently a mass "subscription spam" was sent to LISTSERV@BROWNVM to
> >accomplish this mess as all of the console entries show that the mail
> >requests were forwarded from LISTSERV@BROWNVM (and given the propagation
> >delays in Bitnet, it would explain the length of time involved):
> >
> >7 Jul 1995 04:21:15 From LISTSERV@BROWNVM: X-FOR FWDED=2 [log in to unmask] SUBSCRIBE
> >7 Jul 1995 04:21:16 To   [log in to unmask]: You have been added to the HP3000-L list.
> >7 Jul 1995 04:21:16 Sent information mail to [log in to unmask]
> >7 Jul 1995 04:21:17 Sent information mail to JEFF@UTCVM
> >7 Jul 1995 04:21:17 Sent information mail to [log in to unmask]
> >
> >I am sending a copy of this mail to BROWNVM's postmaster/Listserv owner
> >and hope they can find something in their logs to indicate the true
> >origin of this attack.  The files DID come from BROWNVM (received by
> >Listserv from RSCS, MAILER was not involved and thus no mail spoof here).
>
> I checked our log files, and did find some information.  Our SMTP server
> (brownvm.brown.edu) received 16 pieces of mail from io.org between 7/6/95
> at 23:41 and 7/7/95 at 03:15.  Here's a typical log entry:
>
> 07/07/95 00:20:34 TCP (3) Helo Domain: io.org 142.77.70.2
> 07/07/95 00:20:36 Received Note 12462468 via TCP (3) From <[log in to unmask]>
>
> The mail was all addressed to LISTSERV, and contained hundreds of
> subscription requests for addresses not at io.org.  There seems little
> doubt the mail was forged in order to inundate those addresses with
> mail.  Here are the addresses that were forged:
>
> I'll keep the log files for a few days, in case someone wants more
> detailed information.  I'm sending a copy of this mail to the site
> contact at io.org, in case he can track down who did this.  If he
> has logs, it shouldn't be too hard, since brownvm.brown.edu received
> no other mail from io.org during that time period.
>
> ------------------
>
> This happened again tonight in the last couple hours with the following
> addresses:
>
> Also, in addition to subscribe commands, review commands are also
> being forged.  However he's doing it, he managed to get Listserv here
> to have about 7000 PUN files with 2-line jobs for subscribe and review
> commands.
>
> Peter
>
 
 
--
 
Dr. Paul S. di Virgilio,  University of Toronto  [log in to unmask]
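
Added example, not part of the original messages: a small Python check over SMTP server log lines of the shape quoted above. It pairs each "Helo Domain" line with the "Received Note" line on the same connection and reports notes whose From address is not at the connecting host's domain. It assumes the From field in the log holds the address the sender claimed and that the number in "TCP (n)" ties the two lines together; the sample log and the threshold are constructed.

```python
import re
from collections import defaultdict

# Constructed log in the shape of the two SMTP server lines quoted above.
# All hosts, addresses and note numbers are made up.
SAMPLE_LOG = """\
07/07/95 00:20:34 TCP (3) Helo Domain: isp.example 192.0.2.2
07/07/95 00:20:36 Received Note 10000001 via TCP (3) From <victim1@univ.example>
07/07/95 00:25:10 TCP (4) Helo Domain: mail.corp.example 198.51.100.7
07/07/95 00:25:11 Received Note 10000002 via TCP (4) From <alice@corp.example>
07/07/95 00:31:02 TCP (3) Helo Domain: isp.example 192.0.2.2
07/07/95 00:31:05 Received Note 10000003 via TCP (3) From <victim2@lab.example>
07/07/95 01:02:40 TCP (5) Helo Domain: isp.example 192.0.2.2
07/07/95 01:02:44 Received Note 10000004 via TCP (5) From <bob@isp.example>
"""

HELO = re.compile(r"TCP \((\d+)\) Helo Domain: (\S+) (\S+)$")
NOTE = re.compile(r"Received Note (\d+) via TCP \((\d+)\) From <([^>]*)>$")

def same_site(helo_domain, from_domain):
    """True if the two domains are equal or one is a subdomain of the other."""
    h, f = helo_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return h == f or h.endswith("." + f) or f.endswith("." + h)

def mismatched_notes(log_text):
    """Map each HELO domain to (note id, From address) pairs not at that domain."""
    helo_by_conn = {}  # TCP connection number -> HELO domain last seen on it
    suspects = defaultdict(list)
    for line in log_text.splitlines():
        m = HELO.search(line)
        if m:
            helo_by_conn[m.group(1)] = m.group(2)
            continue
        m = NOTE.search(line)
        if m and m.group(2) in helo_by_conn:
            note_id, conn, sender = m.groups()
            helo = helo_by_conn[conn]
            from_domain = sender.rpartition("@")[2]
            if not same_site(helo, from_domain):
                suspects[helo].append((note_id, sender))
    return dict(suspects)

def flag_hosts(log_text, threshold=2):
    """HELO domains with at least `threshold` mismatched notes (example value)."""
    return {h: n for h, n in mismatched_notes(log_text).items() if len(n) >= threshold}

if __name__ == "__main__":
    for host, notes in flag_hosts(SAMPLE_LOG).items():
        print(host, len(notes), sorted({s for _, s in notes}))
```

A domain mismatch on its own also occurs with ordinary mail relays, so the per-host count is what separates a burst like the one described from normal forwarding.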
