Full Disclosure mailing list archives

impersonation

From: full-disclosure () lists netsys com (Raymond Morsman)
Date: Thu, 15 Aug 2002 17:45:07 +0200
This is a multi-part message in MIME format.

------=_NextPart_000_0018_01C24483.7EFB7B10
Content-Type: text/plain;
        charset="us-ascii"
Content-Transfer-Encoding: 7bit

Yes, 
 
Adjust the list to add a passwd per user. Filter that line.
 
If you add authentication together with a cooldown period for
subscriptions the looneys will be hindered big time.
 
I was spoofed as well.
 
 
Raymond.
 
-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Alan Rouse
Sent: Thursday, August 15, 2002 16:54 PM
To: Full-Disclosure () lists netsys com
Subject: [Full-disclosure] impersonation
 
In case someone hasn't noticed, some of the recent spam messages have
apparently spoofed another list member's id.  I seriously doubt
thomas () suse org was referring people to the #phrack list.
 
Can something be done to filter messages that are impersonating another
user?

------=_NextPart_000_0018_01C24483.7EFB7B10
Content-Type: text/html;
        charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns=3D"http://www.w3.org/TR/REC-html40";>

<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">


<meta name=3DProgId content=3DWord.Document>
<meta name=3DGenerator content=3D"Microsoft Word 10">
<meta name=3DOriginator content=3D"Microsoft Word 10">
<link rel=3DFile-List href=3D"cid:filelist.xml@01C24483.7E672A50">
<!--[if gte mso 9]><xml>
 <o:OfficeDocumentSettings>
  <o:DoNotRelyOnCSS/>
 </o:OfficeDocumentSettings>
</xml><![endif]--><!--[if gte mso 9]><xml>
 <w:WordDocument>
  <w:SpellingState>Clean</w:SpellingState>
  <w:GrammarState>Clean</w:GrammarState>
  <w:DocumentKind>DocumentEmail</w:DocumentKind>
  <w:HyphenationZone>21</w:HyphenationZone>
  <w:EnvelopeVis/>
  <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
 </w:WordDocument>
</xml><![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;
        mso-font-charset:0;
        mso-generic-font-family:swiss;
        mso-font-pitch:variable;
        mso-font-signature:553679495 -2147483648 8 0 66047 0;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {mso-style-parent:"";
        margin:0in;
        margin-bottom:.0001pt;
        mso-pagination:widow-orphan;
        font-size:12.0pt;
        font-family:"Times New Roman";
        mso-fareast-font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;
        text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;
        text-underline:single;}
span.emailstyle17
        {mso-style-name:emailstyle17;
        font-family:Arial;
        mso-ascii-font-family:Arial;
        mso-hansi-font-family:Arial;
        mso-bidi-font-family:Arial;
        color:windowtext;}
span.EmailStyle18
        {mso-style-type:personal-reply;
        mso-style-noshow:yes;
        mso-ansi-font-size:10.0pt;
        mso-bidi-font-size:10.0pt;
        font-family:Arial;
        mso-ascii-font-family:Arial;
        mso-hansi-font-family:Arial;
        mso-bidi-font-family:Arial;
        color:navy;}
span.SpellE
        {mso-style-name:"";
        mso-spl-e:yes;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.25in 1.0in 1.25in;
        mso-header-margin:35.4pt;
        mso-footer-margin:35.4pt;
        mso-paper-source:0;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 10]>
<style>
 /* Style Definitions */=20
 table.MsoNormalTable
        {mso-style-name:"Table Normal";
        mso-tstyle-rowband-size:0;
        mso-tstyle-colband-size:0;
        mso-style-noshow:yes;
        mso-style-parent:"";
        mso-padding-alt:0in 5.4pt 0in 5.4pt;
        mso-para-margin:0in;
        mso-para-margin-bottom:.0001pt;
        mso-pagination:widow-orphan;
        font-size:10.0pt;
        font-family:"Times New Roman";}
</style>
<![endif]-->
</head>

<body lang=3DNL link=3Dblue vlink=3Dpurple =
style=3D'tab-interval:35.4pt'>

<div class=3DSection1>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-US
style=3D'font-size:10.0pt;font-family:Arial;color:navy;mso-ansi-language:=
EN-US'>Yes,
<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-US
style=3D'font-size:10.0pt;font-family:Arial;color:navy;mso-ansi-language:=
EN-US'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-US
style=3D'font-size:10.0pt;font-family:Arial;color:navy;mso-ansi-language:=
EN-US'>Adjust
the list to add a <span class=3DSpellE>passwd</span> per user. Filter =
that line.<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-US
style=3D'font-size:10.0pt;font-family:Arial;color:navy;mso-ansi-language:=
EN-US'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-US
style=3D'font-size:10.0pt;font-family:Arial;color:navy;mso-ansi-language:=
EN-US'>If
you add authentication together with a <span =
class=3DSpellE>cooldown</span>
period for subscriptions the <span class=3DSpellE>looneys</span> will be =
hindered
big time.<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-US
style=3D'font-size:10.0pt;font-family:Arial;color:navy;mso-ansi-language:=
EN-US'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-US
style=3D'font-size:10.0pt;font-family:Arial;color:navy;mso-ansi-language:=
EN-US'>I
was spoofed as well.<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-US
style=3D'font-size:10.0pt;font-family:Arial;color:navy;mso-ansi-language:=
EN-US'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-US
style=3D'font-size:10.0pt;font-family:Arial;color:navy;mso-ansi-language:=
EN-US'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-US
style=3D'font-size:10.0pt;font-family:Arial;color:navy;mso-ansi-language:=
EN-US'>Raymond.<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
lang=3DEN-US
style=3D'font-size:10.0pt;font-family:Arial;color:navy;mso-ansi-language:=
EN-US'><o:p>&nbsp;</o:p></span></font></p>

<div style=3D'border:none;border-left:solid blue 1.5pt;padding:0in 0in =
0in 4.0pt'>

<p class=3DMsoNormal><font size=3D2 face=3DTahoma><span lang=3DEN-US =
style=3D'font-size:
10.0pt;font-family:Tahoma;mso-ansi-language:EN-US'>-----Original =
Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b>
full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] <b><span =
style=3D'font-weight:
bold'>On Behalf Of </span></b>Alan Rouse<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Thursday, August =
15, 2002 16:54
PM<br>
<b><span style=3D'font-weight:bold'>To:</span></b>
Full-Disclosure () lists netsys com<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> =
[Full-Disclosure]
impersonation</span></font></p>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
style=3D'font-size:
10.0pt;font-family:Arial;mso-ansi-language:EN-US'>In case someone =
hasn&#8217;t
noticed, some of the recent spam messages have apparently spoofed =
another list
member&#8217;s id.&nbsp; I seriously doubt <a =
href=3D"mailto:Thomas () suse org">thomas () suse org</a>
was referring people to the #phrack list.</span></font><span =
lang=3DEN-US
style=3D'mso-ansi-language:EN-US'><o:p></o:p></span></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
style=3D'font-size:
10.0pt;font-family:Arial;mso-ansi-language:EN-US'>&nbsp;</span></font><sp=
an
lang=3DEN-US style=3D'mso-ansi-language:EN-US'><o:p></o:p></span></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span lang=3DEN-US =
style=3D'font-size:
10.0pt;font-family:Arial;mso-ansi-language:EN-US'>Can something be done =
to
filter messages that are impersonating another user?</span></font><span
lang=3DEN-US style=3D'mso-ansi-language:EN-US'><o:p></o:p></span></p>

</div>

</div>

</body>

</html>

------=_NextPart_000_0018_01C24483.7EFB7B10--
Current thread:

impersonation Alan Rouse (Aug 15)
- impersonation Raymond Morsman (Aug 15)
- impersonation Jonathan Rickman (Aug 15)
  - impersonation Charles Stevenson (Aug 15)
    - impersonation David Benfell (Aug 16)
- impersonation Nexus (Aug 15)
- impersonation Gary E. Miller (Aug 15)