LISTSERV - LSTSRV-L Archives - COMMUNITY.EMAILOGY.COM

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

	LISTSERV Archives
	LSTSRV-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Mail Bomb Warning

Marty Hoag <[log in to unmask]>

Sat, 2 Dec 1995 07:55:48 CST

text/plain (51 lines)

   We were inadvertent parties to a rather malicious mailbombing over night.
I thought I should warn the rest of you just in case the perpetrator favors
others with this...
 
   Someone sent at least 5542 mail "jobs" to [log in to unmask] between
the hours of 23:10 last evening and 05:10 this morning.  I'll include
a few SMTP log samples below but please note that until AOL checks their
logs there is no way to tell where this is really coming from.
 
 
   It appears that the jobs were requests for a file here (GET LISTSOF LISTS)
and were given the apparent origin of [log in to unmask] .  That QAQA...
address in turn expands to 57 email addresses!  LISTSERV does have a quota
on the amount of data it will send to any one address but it still sends back
notes that the quota was exceeded in the job output so lots of mail items
still got sent.
 
   Anyway, you may want to serve that [log in to unmask] address off
just in case the person might try this at other LISTSERV sites.  Below are
three of the 5542 SMTP log entries.  I haven't heard from AOL yet on where
the mail came into them (I suspect they were maybe being used as a relay).
 
   Marty
 
 
12/01/95 23:07:49 TCP (14) Helo Domain: emin04.mail.aol.com 198.81.10.11
12/01/95 23:07:51 Received Note 11599845 via TCP (14) From
<[log in to unmask]>
12/01/95 23:07:51 Delivered Note 11599845 to <LISTSERV@NDSUVM1>
forwarded to MAILER@NDSUVM1
12/01/95 23:54:18 TCP (4) Helo Domain: emin04.mail.aol.com 198.81.10.11
12/01/95 23:54:19 Received Note 11599384 via TCP (4) From
<[log in to unmask]>
12/01/95 23:54:19 Delivered Note 11599384 to <LISTSERV@NDSUVM1>
forwarded to MAILER@NDSUVM1
 
... 5,539 entries suppressed ...
 
12/02/95 05:09:46 TCP (31) Helo Domain: emin04.mail.aol.com 198.81.10.11
12/02/95 05:09:47 Received Note 11606629 via TCP (31) From
<[log in to unmask]>
12/02/95 05:09:47 Delivered Note 11606629 to <LISTSERV@NDSUVM1>
forwarded to MAILER@NDSUVM1
 
-----------
Marty Hoag   [log in to unmask]                US Mail: NDSU ITS
ND Higher Education Computer Network                IACC Room 206
Phone: (701)-231-8639  Fax: (701)-231-8541          PO Box 5164
Bitnet: nu021172@NDSUVM1  (note 0=zero, 1=one)      Fargo, ND  58105
URL: http://toons.cc.ndsu.nodak.edu/~hoag/home.html

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM