This probably belongs in net-abuse.email, but since many list admins
are also sys admins, I thought this may be of interest to this list,
as some of these guys are gathering addresses from lists.
Couple of days ago, I got hit with an email denial-of-service type of
attack, which exploits weaknesses of the smtp server I am running and
which can exploit any poorly configured smtp server. By using the
same host name as mine from a different IP, the spammer sent 1000's
of email messages - mostly to UK addresses for forwarding. It brought
the tiny node I run to its knees - basically stopping the works. The
email actually extolled the virtues of MaxxAnon, an anonymous
remailer. You can see the same host is in Isle of Man, UK one minute,
the good ole USA the next. :-)
> > Received: from ec2.earthchannel.com ([205.160.16.65]) by
> > relay-9.mail.demon.net
> > id aa906103; 5 Feb 97 1:52 GMT
> > Received: from ec2.earthchannel.com (unverified [194.72.197.146])
> > by ec2.earthchannel.com
I am working with enterprise.net, an ISP in UK to locate this cretin.
What I want to bring to your attention is MaxxAnon's author
apparently spends his time probing the net for smtp servers which can
be abused and offers a list of these as an incentive to register his
shareware program. Lucky me, I made his list.
From: http://www.serve.com/jrp/index.html
"MaxxAnon! - Registered users get our latest list of SMTP servers to
send out through giving extra anonymity free of charge!"
Generous, isn't he?
Not only I did I get the bandwidth stolen, but I am now dealing with
1000's of bounces, one mail bomb attempt as retaliation,
polite and not so polite reminders on how to run an ISP (which I am
not) and so on. What a waste of time and resources! All this - even
after catching it in process and eliminating a bunch of outgoing
mail.
Gess
Trying to shut the door after getting cleaned out... :-)
References:
|
|
