North American Network Operators Group


Re: We've been hit by the spammers, please have mercy

  • From: Dana Hudes
  • Date: Mon May 05 22:30:28 1997

A technical correction: The netra, which resolves to graphnet.com,
was the victim even though we have an MX record pointing elsewhere.
I have locked the doors, it won't happen again on that machine --
it's a firewall and I put in a rule to prevent off-campus smtp
connections. The spammer kept hitting us while my attention was
drawn to an unrelated outage with a major customer. Eventually
he stopped hitting us and moved on. 

Meanwhile our real public mail server is vulnerable because
it runs Netscape mail (netra runs solaris 2.4 until SunSoft
gets our copy of 2.5.1 application server off back order;
ditto an old sendmail).  We consulted Netscape server support,
they said their version of sendmail is vulnerable even in the
very latest version of Messaging Server (which replaces mail server).
Netscape has a nice web interface for mail but we will have to
put a real sendmail machine in front or get rid of Netscape mail.
Any opinions on whether this warrants a CERT advisory?
Someone should post to bugtraq or something so the world knows
-- and puts pressure on Netscape.

Dana Hudes
Graphnet
p.s.  Thanks to all who offered to help and/or e-mailed various
statute citations.  This seems a bit beyond the Teaneck police,
does it go to FBI? Secret Service? Postal Inspectors? FCC? State
Police? Interpol? Who has jurisdiction?

> On May 5, 1997 at 13:01 [email protected] (Dana Hudes) wrote:
>  > Folks,
>  > Over the weekend someone decided to use our (Graphnet/globalis.net)
>  > mail server for sending spam. We are in the process of dealing with
>  > this and some internal network outages all at once. FYI, our mail server
>  > is running the very latest Solaris 2.5.1 + patches but the software
>  > is Netscape Mail server which replaces Sendmail with its very own.  I
>  > thought they claimed it could not be used for transit mail but
>  > apparently either the claim was false or I misunderstood.
>  >
>  > Our small staff is strained to capacity working on these issues this
>  > Monday morning. Please, stop sending mail to [email protected] and
>  > attacking us.
>  > You are making the problem worse by flooding us with mail.
>  > Please do not blackhole us; we have never been a problem before with
>  > this and thought we had taken preventative measures. Obviously these
>  > measures failed but we are working with Netscape to understand why their
>  > sendmail version allowed this to happen.
>  >
>  > Don't shoot me, I'm one of the good guys....
>  > We want to take action with law enforcement to find and prosecute the
>  > spammer  for denial of service attacks and theft of services.  Pointers
>  > to appropriate law enforcement agencies appreciated, also tips on
>  > tracking the source down. Ditto applicable NJ and US statutes. I assume
>  > not every spam comes from cyberpromo using one's server for transit
>  > mail.
>  >
>  > Dana Hudes
>  > Senior Network Engineer
>  > Graphnet