LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

Jeff Kell <[log in to unmask]>
Fri, 7 Jul 1995 11:01:28 EDT
On Fri, 7 Jul 1995 10:33:25 -0400 Mario Rups said:
>Poster:       Mike Ramundo <[log in to unmask]>
>>Overnight I had almost 30 sub/command/posting attempts from someone:
>>       Mr. Stumble <[log in to unmask]> ( "User unknown" )
>>Would REALLY be nice if I could provide that postmaster more info !
 
>Another list just got subscriptions from the following rather suspicious
>addresses:
>>[log in to unmask]                              Mr Vortex
>>[log in to unmask]                 Mr Stumble
>>[log in to unmask]                          Mr Nimbus
>>[log in to unmask]                          Mr Fiend
>>[log in to unmask]                    Mr Sheik
>
>You might want to check for those names / addresses as well ... sounds like
>something's up.
 
Same here - I had subscriptions for ALL of our public lists for the above
addresses, plus <[log in to unmask]> and <[log in to unmask]>.
One "wave" of subscription requests around 1:00 AM EDT was rejected since
no name was specified, the next wave arrived between 2:00-4:30 AM EDT.
 
Apparently a mass "subscription spam" was sent to LISTSERV@BROWNVM to
accomplish this mess as all of the console entries show that the mail
requests were forwarded from LISTSERV@BROWNVM (and given the propagation
delays in Bitnet, it would explain the length of time involved):
 
7 Jul 1995 04:21:15 From LISTSERV@BROWNVM: X-FOR FWDED=2 [log in to unmask] SUBSCRIBE
7 Jul 1995 04:21:16 To   [log in to unmask]: You have been added to the HP3000-L list.
7 Jul 1995 04:21:16 Sent information mail to [log in to unmask]
7 Jul 1995 04:21:17 Sent information mail to JEFF@UTCVM
7 Jul 1995 04:21:17 Sent information mail to [log in to unmask]
 
I am sending a copy of this mail to BROWNVM's postmaster/Listserv owner
and hope they can find something in their logs to indicate the true
origin of this attack.  The files DID come from BROWNVM (received by
Listserv from RSCS, MAILER was not involved and thus no mail spoof here).
 
I'm tempted to contact the victims to see if they have a common enemy,
but given what their mailboxes must look like this morning, I think not.
 
[\] Jeff Kell <[log in to unmask]>  UTC.EDU Postmaster/Listserv owner
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
| Jeffrey R Kell, Dir Tech Services | Internet:     [log in to unmask]  |
| Admin Computing, 117 Hunter Hall  | or [log in to unmask] |
| Univ of Tennessee at Chattanooga  |    Voice:  (615)-755-4551         |
| Chattanooga, TN  37403-2598       |      FAX:  (615)-755-4025         |
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
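
Added example, not part of the original message and not LISTSERV code: a Python check that scans console entries in the format quoted above and flags any peer server that forwards a burst of SUBSCRIBE commands, which is the pattern the message describes for LISTSERV@BROWNVM. The sample addresses, list names, the text after SUBSCRIBE, the function names, and the window and threshold values are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the console format quoted in the message; addresses,
# list names and everything after SUBSCRIBE are assumptions.
SAMPLE_LOG = """\
7 Jul 1995 04:21:15 From LISTSERV@BROWNVM: X-FOR FWDED=2 victim1@example.org SUBSCRIBE HP3000-L Mr Example
7 Jul 1995 04:21:16 To   victim1@example.org: You have been added to the HP3000-L list.
7 Jul 1995 04:22:40 From LISTSERV@BROWNVM: X-FOR FWDED=2 victim1@example.org SUBSCRIBE LIST-B Mr Example
7 Jul 1995 04:23:05 From LISTSERV@BROWNVM: X-FOR FWDED=2 victim2@example.org SUBSCRIBE HP3000-L Mr Sample
7 Jul 1995 04:25:10 From LISTSERV@BROWNVM: X-FOR FWDED=2 victim2@example.org SUBSCRIBE LIST-B Mr Sample
7 Jul 1995 09:10:00 From LISTSERV@OTHERVM: X-FOR FWDED=1 reader@example.net SUBSCRIBE LIST-B A Reader
"""

# Matches only SUBSCRIBE commands that arrived forwarded from another server.
FWD_SUB = re.compile(
    r"^(\d{1,2} \w{3} \d{4} \d{2}:\d{2}:\d{2}) From (\S+): "
    r"X-FOR FWDED=\d+ (\S+) SUBSCRIBE\b")

def parse_forwarded_subscribes(log_text):
    """Yield (timestamp, forwarding_server, subscriber) per forwarded SUBSCRIBE."""
    for line in log_text.splitlines():
        m = FWD_SUB.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%d %b %Y %H:%M:%S")
            yield ts, m.group(2), m.group(3).lower()

def find_subscription_waves(log_text, window=timedelta(hours=3), threshold=3):
    """Map each server that forwarded >= threshold SUBSCRIBEs within window
    to the sorted list of addresses it subscribed."""
    by_server = defaultdict(list)
    for ts, server, addr in parse_forwarded_subscribes(log_text):
        by_server[server].append((ts, addr))
    flagged = {}
    for server, events in by_server.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[server] = sorted({a for _, a in events})
                break
    return flagged
```

The flagged server and address list are the details a site would pass to that server's postmaster so the forwarding site can search its own logs for the origin.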
