Re: Stupid crackers exploiting stupid users

Charles Howes (chowes@helix.net)
Sun, 23 Oct 1994 19:24:48 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Charles Howes: "Re: Another request for passwords"
Previous message: Charles Howes: "Re: Another request for passwords"
In reply to: der Mouse: "Stupid crackers exploiting stupid users"
Next in thread: pluvius: "Re: Stupid crackers exploiting stupid users"

On Sun, 23 Oct 1994, der Mouse wrote:

 <message clipped>

> This appears to be a forged attempt to mailbomb someone else.  If you
> read the headers carefully, you'll see that SFU appears in only the
> From: header - the letter comes from helix.net and has a helix.net
> Message-ID.  And when I looked at vanepp@sfu.ca....

Yes, vanepp@sfu.ca is the guy in charge of security at SFU.

> Computing Services?  "staff"?  A staff person at SFU surely knows
> better than to send out this piece of stupidity, especially since "expn
> root" informs me that vanepp is one of nine people who get root's mail.

Yes, he knows better.

> So I think someone on helix.net originated this, probably the person
> responsible for the first piece of stupidity.  What vanepp has to do
> with it I have trouble imagining; I would suspect that sfu.ca had been
> cracked and vanepp's .forward file replaced to point to the real
> culprit, but EXPN and VRFY on whistler's SMTP server don't give me that
> impression.

The account was one of Helix's.  It was cracked.

> I suppose it's _possible_ that Peter Van Epp _is_ the person
> responsible and that the mail was forged from his account on helix.net,
> but that seems extremely unlikely.

Exactly.  He is not the responsible one.

> I'm sending a copy to root@sfu.ca so that (a) vanepp probably gets it,
> and (b) if vanepp's mail is being stolen somehow that I can't see
> through VRFY and EXPN, the other roots there can deal with it.

The cracker just wants to mailbomb vanepp.  He's done it before, he'll
do it again.  Just not from *my* site, if I have anything to say about
it.

Does ANYBODY have any code that will limit the number of messages a
single user can send per day??  Or any other code to detect mail
bombs?  Sending 5 identical messages to different addresses?  (Or the
same address, for that matter..)

--
Charles Howes -- chowes@helix.net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971

Next message: Charles Howes: "Re: Another request for passwords"
Previous message: Charles Howes: "Re: Another request for passwords"
In reply to: der Mouse: "Stupid crackers exploiting stupid users"
Next in thread: pluvius: "Re: Stupid crackers exploiting stupid users"