[90] in bugtraq
Re: Stupid crackers exploiting stupid users
daemon@ATHENA.MIT.EDU (Charles Howes)
Sun Oct 23 23:45:27 1994
Date: Sun, 23 Oct 1994 19:24:48 -0700 (PDT)
From: Charles Howes <chowes@helix.net>
To: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
Cc: bugtraq@fc.net, dfloyd@paris.eng.utsa.edu, root@helix.net, root@sfu.ca
In-Reply-To: <199410231226.IAA01661@Collatz.McRCIM.McGill.EDU>

On Sun, 23 Oct 1994, der Mouse wrote:

<message clipped>

> This appears to be a forged attempt to mailbomb someone else. If you
> read the headers carefully, you'll see that SFU appears in only the
> From: header - the letter comes from helix.net and has a helix.net
> Message-ID. And when I looked at vanepp@sfu.ca....

Yes, vanepp@sfu.ca is the guy in charge of security at SFU.

> Computing Services? "staff"? A staff person at SFU surely knows
> better than to send out this piece of stupidity, especially since "expn
> root" informs me that vanepp is one of nine people who get root's mail.

Yes, he knows better.

> So I think someone on helix.net originated this, probably the person
> responsible for the first piece of stupidity. What vanepp has to do
> with it I have trouble imagining; I would suspect that sfu.ca had been
> cracked and vanepp's .forward file replaced to point to the real
> culprit, but EXPN and VRFY on whistler's SMTP server don't give me that
> impression.

The account was one of Helix's. It was cracked.

> I suppose it's _possible_ that Peter Van Epp _is_ the person
> responsible and that the mail was forged from his account on helix.net,
> but that seems extremely unlikely.

Exactly. He is not the responsible one.

> I'm sending a copy to root@sfu.ca so that (a) vanepp probably gets it,
> and (b) if vanepp's mail is being stolen somehow that I can't see
> through VRFY and EXPN, the other roots there can deal with it.

The cracker just wants to mailbomb vanepp. He's done it before, he'll
do it again. Just not from *my* site, if I have anything to say about
it.

Does ANYBODY have any code that will limit the number of messages a
single user can send per day?? Or any other code to detect mail
bombs? Sending 5 identical messages to different addresses? (Or the
same address, for that matter..)
--
Charles Howes -- chowes@helix.net
Always tell the truth, then you make it the other bloke's problem!
- Sean Connery, 1971
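
Added example, not part of the original message or any code from its author: a sketch of the two checks asked for above, a per-user daily message count and detection of the same body sent 5 or more times. The log record layout, the user names, and the daily limit of 10 are assumptions made for illustration; the sample log is constructed.

```python
import hashlib
from collections import Counter

# Constructed sample log: (local sender, day, recipient, message body).
SAMPLE_LOG = (
    [("user1", "1994-10-23", f"victim{i}@example.org", "You have  been\nchosen!")
     for i in range(5)]
    + [("user2", "1994-10-23", "friend@example.org", f"note {i}") for i in range(3)]
    + [("user3", "1994-10-23", "list@example.org", f"digest part {i}")
       for i in range(12)]
)


def body_digest(body):
    """Hash the body after collapsing whitespace and case, so trivial
    re-wrapping does not hide a repeated message."""
    normalised = " ".join(body.split()).lower()
    return hashlib.sha256(normalised.encode("utf-8")).hexdigest()


def detect_mailbombs(log, daily_limit=10, dup_threshold=5):
    """Return (over_limit, repeated).

    over_limit: {(sender, day): count} for senders above daily_limit.
    repeated:   {(sender, day): count} for senders who sent the same
                body dup_threshold or more times, to any recipients.
    """
    per_day = Counter()
    per_body = Counter()
    for sender, day, _recipient, body in log:
        per_day[(sender, day)] += 1
        per_body[(sender, day, body_digest(body))] += 1

    over_limit = {k: n for k, n in per_day.items() if n > daily_limit}
    repeated = {}
    for (sender, day, _digest), n in per_body.items():
        if n >= dup_threshold:
            key = (sender, day)
            repeated[key] = max(n, repeated.get(key, 0))
    return over_limit, repeated


if __name__ == "__main__":
    over, rep = detect_mailbombs(SAMPLE_LOG)
    print("over daily limit:", over)
    print("repeated bodies:", rep)
```

The two checks are independent: a sender can trip the duplicate check while staying under the daily limit, as user1 does in the sample.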