Bugtraq mailing list archives

Re: Stupid crackers exploiting stupid users

From: chowes () helix net (Charles Howes)
Date: Sun, 23 Oct 1994 19:24:48 -0700 (PDT)


On Sun, 23 Oct 1994, der Mouse wrote:

 <message clipped>

This appears to be a forged attempt to mailbomb someone else.  If you
read the headers carefully, you'll see that SFU appears in only the
From: header - the letter comes from helix.net and has a helix.net
Message-ID.  And when I looked at vanepp () sfu ca....


Yes, vanepp () sfu ca is the guy in charge of security at SFU.

Computing Services?  "staff"?  A staff person at SFU surely knows
better than to send out this piece of stupidity, especially since "expn
root" informs me that vanepp is one of nine people who get root's mail.


Yes, he knows better.

So I think someone on helix.net originated this, probably the person
responsible for the first piece of stupidity.  What vanepp has to do
with it I have trouble imagining; I would suspect that sfu.ca had been
cracked and vanepp's .forward file replaced to point to the real
culprit, but EXPN and VRFY on whistler's SMTP server don't give me that
impression.


The account was one of Helix's.  It was cracked.

I suppose it's _possible_ that Peter Van Epp _is_ the person
responsible and that the mail was forged from his account on helix.net,
but that seems extremely unlikely.


Exactly.  He is not the responsible one.

I'm sending a copy to root () sfu ca so that (a) vanepp probably gets it,
and (b) if vanepp's mail is being stolen somehow that I can't see
through VRFY and EXPN, the other roots there can deal with it.


The cracker just wants to mailbomb vanepp.  He's done it before, he'll
do it again.  Just not from *my* site, if I have anything to say about
it.

Does ANYBODY have any code that will limit the number of messages a
single user can send per day??  Or any other code to detect mail
bombs?  Sending 5 identical messages to different addresses?  (Or the
same address, for that matter..)

--
Charles Howes -- chowes () helix net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971

Current thread:

Another request for passwords Douglas R. Floyd (Oct 22)
- Re: Another request for passwords Charles Howes (Oct 23)
- Re: Another request for passwords That Whispering Wolf... (Oct 23)
  - Re: Another request for passwords Charles Howes (Oct 23)
    - Re: Another request for passwords christopher williams (Oct 24)
    - Re: Another request for passwords Brett Watson (Oct 25)
- Stupid crackers exploiting stupid users der Mouse (Oct 23)
  - Re: Stupid crackers exploiting stupid users Peter Van Epp (Oct 23)
  - Re: Stupid crackers exploiting stupid users Charles Howes (Oct 23)
    - Re: Stupid crackers exploiting stupid users pluvius (Oct 25)
    - Re: Stupid crackers exploiting stupid users Charles Howes (Oct 26)
    - Sun Mouse Bug David J. Bianco (Oct 26)
    - Network Volumetric Analysis (NVA) software Frank R. Swift (Oct 26)
- Re: Another request for passwords Justin J. Lister (Oct 23)
  - Re: Another request for passwords christopher williams (Oct 23)
    - Re: Another request for passwords Doug McLaren (Oct 24)
    - Re: Another request for passwords Charles Howes (Oct 27)
- Re: Another request for passwords Chris Swanson (Oct 23)
  - Re: Another request for passwords Charles Howes (Oct 23)

(Thread continues...)