Great Circle Associates List-Managers
(March 1999)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: list attacks
From: Joe Brennan <brennan @ watsun . cc . columbia . edu>
Date: Fri, 19 Mar 99 8:28:44 EST
To: Benji Spencer <spunge @ spunge . org>
Cc: List-Managers @ GreatCircle . COM, majordomo-users @ GreatCircle . COM
In-reply-to: Your message of Thu, 18 Mar 1999 22:21:25 -0600

> Hello
> 
> one of the sites that I run majordomo (1.94.3 on one, and 1.94.4 on the
> other) seems to be egtting hit his mass-subscribes. No, not the type where
> a lot of people are subscribed, but rather where 1 person attempts to join
> all the lists at a site.

Are they coming from telmex.net.mx (I don't mean the From line, I mean
the host sending them-- look at syslog)?  Somebody's been abusing over
100 majordomo sites including us.  We are seeing about 200 individual
separate messages per victim, taking about 15 minutes start to finish.
Some are subscribe messages and some are "help".  Three addresses at
apc.org have been hit, and four others, from March 12 to 18.

All our lists are either closed or open+confirm, so impact is limited
to one reply per message, but 200 in still is 200 out, and if the perp
is doing this at over 100 sites as I was told by apc.org's postmaster,
that's a lot of mail.  He says many lists elsewhere were set to open or
auto.

I just saw more this morning, but for the first time not from
telmex.net.mx.  And I think some of this morning's were probes to see
what IPs we have blocked (we got all of telmex.net.mx's dialups) in
preparation for more.  I'm going to study them shortly.

Joseph Brennan  Postmaster  Academic Information Systems
                Columbia University in the City of New York
                postmaster@columbia.edu




Follow-Ups:
Indexed By Date Previous: Re: list attacks
From: Nick Simicich <njs@scifi.squawk.com>
Next: Re: list attacks
From: "Nathan J. Mehl" <memory@blank.org>
Indexed By Thread Previous: Re: list attacks
From: Nick Simicich <njs@scifi.squawk.com>
Next: Re: list attacks
From: "Nathan J. Mehl" <memory@blank.org>

Google
 
Search Internet Search www.greatcircle.com