[71097] in North American Network Operators' Group
Re: Addresses for latest spam
daemon@ATHENA.MIT.EDU (Gregory Hicks)
Tue Jun 8 14:25:31 2004
Date: Tue, 8 Jun 2004 11:24:49 -0700 (PDT)
From: Gregory Hicks <ghicks@cadence.com>
Reply-To: Gregory Hicks <ghicks@cadence.com>
To: adil@adis.on.ca, Valdis.Kletnieks@vt.edu
Cc: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
Isn't this called a "dictionary" attack?
> To: Adi Linden <adil@adis.on.ca>
> Cc: nanog@merit.edu
> Subject: Re: Addresses for latest spam
> From: Valdis.Kletnieks@vt.edu
> Date: Tue, 08 Jun 2004 11:44:50 -0400
>
> On Tue, 08 Jun 2004 09:06:35 CDT, Adi Linden <adil@adis.on.ca> said:
> >
> > Does anyone know how the latest email worms assemble the email addresses
> > they use? I am getting a large amount of junk destined for non-existent
> > (never existent) email accounts. So the address cannot be taken from the
> > various address books on the compromised PC's.
>
> I'll place bets on there being 'userA@domain1.net' and 'userB@domain2.com'
> in the address books, and the worm is creating all 4 combinations of left and
> right hand sides (and possibly other permutations too). So you're sitting at
> domain1.net and seeing 'userB@domain1.net' bouncing (and possibly
> 'userB@domain2.com' as well....)
>
> And of course, if it finds 200 addresses, you'll get the 1 valid LHS that
> was attached to your domain - and 199 LHS's that used to be attached
> to 199 other domain names and were probably never valid at your site.
>
> But since it's a compromised PC that belongs to somebody else and the
> spammer isn't paying for the bandwidth, they might as well try all 200x200,
> because they know 200 of them were valid, and maybe they'll get lucky
> and another 50 or 75 of the cross-product will happen to match too...
-------------------------------------------------------------------
Gregory Hicks | Principal Systems Engineer
Cadence Design Systems | Direct: 408.576.3609
555 River Oaks Pkwy M/S 6B1 | Fax: 408.894.3400
San Jose, CA 95134 | Internet: ghicks@cadence.com
I am perfectly capable of learning from my mistakes. I will surely
learn a great deal today.
"A democracy is a sheep and two wolves deciding on what to have for
lunch. Freedom is a well armed sheep contesting the results of the
decision." - Benjamin Franklin
"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton
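
The pattern described in the thread (one sender trying many local parts that were never valid at the receiving domain) can be spotted from the receiving side. The following is an added example, not part of the original messages: it counts, per connecting client, the distinct accepted and unknown local parts at one domain. The log layout, the treatment of every 550 as "unknown user", the thresholds and the function names are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in a made-up "client=... rcpt=... code=..." layout;
# adapt the regex to the real log format of your MTA.
SAMPLE_LOG = """\
client=192.0.2.10 rcpt=usera@domain1.example code=250
client=192.0.2.10 rcpt=userb@domain1.example code=550
client=192.0.2.10 rcpt=carol@domain1.example code=550
client=192.0.2.10 rcpt=dave@domain1.example code=550
client=192.0.2.10 rcpt=dave@domain1.example code=550
client=198.51.100.7 rcpt=usera@domain1.example code=250
client=198.51.100.7 rcpt=typo@domain1.example code=550
client=203.0.113.5 rcpt=usera@domain1.example code=250
"""

LINE_RE = re.compile(r"client=(\S+) rcpt=(\S+)@(\S+) code=(\d{3})")

def recipient_stats(log_text, our_domain):
    """Per client: distinct accepted and distinct unknown local parts at our_domain."""
    stats = defaultdict(lambda: {"accepted": set(), "unknown": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a recipient line in the assumed layout
        client, local, domain, code = m.groups()
        if domain.lower() != our_domain:
            continue
        if code == "550":  # assumption: 550 here always means "no such user"
            stats[client]["unknown"].add(local.lower())
        elif code.startswith("2"):
            stats[client]["accepted"].add(local.lower())
    return stats

def flag_guessing_clients(log_text, our_domain, min_unknown=3, min_ratio=0.7):
    """Clients whose distinct recipients at our_domain are mostly unknown users."""
    flagged = {}
    for client, s in recipient_stats(log_text, our_domain).items():
        unknown = len(s["unknown"])
        total = unknown + len(s["accepted"])
        # Repeats of one bad address count once; a single typo stays unflagged.
        if unknown >= min_unknown and unknown / total >= min_ratio:
            flagged[client] = sorted(s["unknown"])
    return flagged

if __name__ == "__main__":
    for client, names in flag_guessing_clients(SAMPLE_LOG, "domain1.example").items():
        print(client, "unknown local parts:", names)
```

Counting distinct local parts rather than raw rejections keeps a retrying legitimate sender from looking like an address guesser.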