Great Circle Associates List-Managers
(February 1997)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Anonymous remailer (may be off-topic)
From: "Gess Shankar" <gess @ earthchannel . com>
Organization: Earth Channel Communications LLC
Date: Thu, 6 Feb 1997 06:01:26 -0500
To: list-managers @ greatcircle . com
Comments: Authenticated sender is <gess@ec2.earthchannel.com>
In-reply-to: <v03010d05af1f5df2b0f3@[130.209.33.78]>
Reply-to: gess @ earthchannel . com

This probably belongs in net-abuse.email, but since many list admins 
are also sys admins, I thought this may be of interest to this list, 
as some of these guys are gathering addresses from lists.

Couple of days ago, I got hit with an email denial-of-service type of 
attack, which exploits weaknesses of the smtp server I am running and 
which can exploit any poorly configured smtp server. By using the 
same host name as mine from a different IP, the spammer sent 1000's 
of email messages - mostly to UK addresses for forwarding. It brought 
the tiny node I run to its knees - basically stopping the works. The 
email actually extolled the virtues of MaxxAnon, an anonymous 
remailer. You can see the same host is in Isle of Man, UK one minute, 
the good ole USA the next. :-)

> > Received: from ec2.earthchannel.com ([205.160.16.65]) by
> > relay-9.mail.demon.net
> >            id aa906103; 5 Feb 97 1:52 GMT
> > Received: from ec2.earthchannel.com (unverified [194.72.197.146])
> > by ec2.earthchannel.com

I am working with enterprise.net, an ISP in UK to locate this cretin. 
What I want to bring to your attention is MaxxAnon's author 
apparently spends his time probing the net for smtp servers which can 
be abused and offers a list of these as an incentive to register his 
shareware program. Lucky me, I made his list.

From: http://www.serve.com/jrp/index.html

"MaxxAnon! - Registered users get our latest list of SMTP servers to
send out through giving extra anonymity free of charge!"

Generous, isn't he?

Not only I did I get the bandwidth stolen, but I am now dealing with
1000's of bounces, one mail bomb attempt as retaliation,
polite and not so polite reminders on how to run an ISP (which I am
not) and so on. What a waste of time and resources! All this - even 
after catching it in process and eliminating a bunch of outgoing 
mail.

Gess
Trying to shut the door after getting cleaned out... :-)


References:
Indexed By Date Previous: Re: fresh horror from AOL
From: Brock Rozen <brozen@webdreams.com>
Next: Re: fresh horror from AOL
From: "Merrill Cook" <mcook@pcusa01.ecunet.org>
Indexed By Thread Previous: WG-QMN: possible spam from shiang@EARTHLINK.NET
From: John Martin <martin@terena.nl>
Next: Fake email - a partial solution?
From: Peter Taylor <Peter.Taylor@newcastle.ac.uk>

Google
 
Search Internet Search www.greatcircle.com