[9854] in bugtraq
Re: SMTP server account probing
daemon@ATHENA.MIT.EDU (Frank Miller)
Tue Mar 9 14:33:51 1999
Date: Tue, 9 Mar 1999 08:57:32 -0800
Reply-To: Frank Miller <frankm@BEND.OR.US>
From: Frank Miller <frankm@BEND.OR.US>
X-To: Brett Glass <brett@LARIAT.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <4.1.19990308115212.041b17b0@localhost>
The following is from the company (earthonline.com) that wrote the
commerical software
that performed the dictionary attack against MTA's. I do have copies of the
software
and can generate a list of 'hard coded' ISP's that were probed, if desired.
Dear ISP and Fellow Internet User,
GeoList Professional has been removed from the
Earthonline Product Line.
If used as it was intended, this product would
have created email address lists that would
have proven highly targeted to a specific state
or region.
Although GeoList is only one of many different
programs that verify state related email
addresses on the market, we find it appropriate
for the good of the Internet Community, that we
pull this product from our shelves.
GeoList was designed for the individual or
business looking for a target market in
specific states or regions. Initially this
program was developed for an online political
campaign. The candidates campaign staff
requested the ability to target their specific
region. GeoList, utilized in this market,
proved effective; for this reason Earthonline
released it as a targeted lead generation
product.
The subsequent mis-use of GeoList Professional
by certain companies and individuals has
reportedly made it difficult on the ISPs. As
GeoList validates a list of user names and
matches them with email addresses in the given
state, it was our intent to target email
addresses for any give "region specific"
campaign.
It is undetermined how end-users were using
this product. However, we have had reports of
customers using this product as a non-targeted
spam list collection tool. Earthonline stands
behind targeted email notification and
solicitation of targeted lead lists. However,
we do not condone or promote spam as a way to
market products or services. Our products are
intended as a cost effective way for companies
and organizations to email their customers, and
clients, with new product offerings, updates,
and/or informative news.
GeoList Professional has reportedly been used
"not as intended" - and although we could limit
the sales of the product to certain individuals
and companies, we choose not to sensor those
customers of our products. However, with
reports of how the GeoList product is being
used; It is our decision to make GeoList a
discontinued product as of March 08, 1999.
As the technology within GeoList is not
proprietary to Earthonline, the discontinuation
of this product will not be the discontinuation
of other products in the marketplace that
promote similar functionality.
If you should have direct questions, or
comments regarding this notice, email to:
info@earthonline.com
- Earthonline Administration
> -----Original Message-----
> From: Bugtraq List [mailto:BUGTRAQ@netspace.org]On Behalf Of Brett Glass
> Sent: Monday, March 08, 1999 11:13 AM
> To: BUGTRAQ@netspace.org
> Subject: SMTP server account probing
>
>
> Several ISPs throughout the Net are reporting an attack described at
>
> http://www.l8r.com/nwa/nwa1.htm
>
> In this attack, an SMTP server is probed for common names, presumably
> so that spam can the be targeted at them. The attacking machine
> connects and issues hundreds of RCPT TO: commands, searching a long
> list of common user names (e.g. susan) for ones that don't cause
> errors. It then compiles a list of target addresses to spam.
>
> Unfortunately, the attack -- besides allowing the perpetrator to spam
> users -- also brings SMTP servers to their knees. This happens most
> often if the server maintains lists of user names in a database where
> looking up a name requires substantial disk activity or computational
> overhead.
>
> Some people whose domain names have been hard-coded into a commercial
> program designed to implement this attack have responded with outrage,
> e.g.
>
http://www.junk.org/earthonline/
I'm surprised that I haven't seen this one on the Bugtraq list yet.
--Brett Glass
