North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: WTF?
On Wed, 19 Nov 1997, James D. Butt wrote: ) Here is what I received from [email protected] ) ) ------------------------------------------------------------------------- ) DUP 11/19/97 10:56:24 ) ) Thank you for notifying us. ) ) This individual has been warned regarding the consequences of sending ) Unsolicited Commercial Email. ) Continued violations will result in an account cancellation. Please ) inform us if any other abuse originated from<ibm.net> customers. That's truly wondrous as, after sending: >From [email protected] Wed Nov 19 17:37:59 1997 Date: Mon, 17 Nov 1997 20:25:48 -0500 (EST) From: Daniel Reed <[email protected]> To: [email protected], [email protected] Subject: OWNED (fwd) I have reason to believe one of your customers, perhaps still connectected to your service, has been maliciously attacking the NANOG mailing list ([email protected]). Today the NANOG mailing list was subscribed to itself, it received a bounce that showed us (the subscribers) an attempt to subscribe it to several lists at a remote server, and was also subscribed to some Marilon Monroe fan mailing list. We then received this message, and as the headers indicate, it appears to be originating from some ibm.net dialup user. Received: from microsoft.com (166.72.5.121) by www.RVC.CC.IL.US ^^^^^^^^^^^^ (EMWAC SMTPRS 0.81) with SMTP id <[email protected]>; Mon, 17 Nov 1997 18:56:25 -0600 [email protected]:~# host 166.72.5.121 121.5.72.166.IN-ADDR.ARPA domain name pointer slip166-72-5-121.il.us.ibm.net [email protected]:~# -- Daniel Reed <[email protected]> System administrator of narnia.n.ml.org (narnia.mhv.net [199.0.0.118]) Some people mistake genius for insanity. ---------- Forwarded message ---------- Return-Path: [email protected] Received: from merit.edu [198.108.1.42] by mail.n.ml.org (Sendmail 8.8.8) via ESMTP (UAA16049-199711180120) for address <[email protected]> on Mon, 17 Nov 1997 20:20:11 -0500 (EST) Received: from localhost ([email protected]) by merit.edu (8.8.7/8.8.5) with SMTP id TAA04909; Mon, 17 Nov 1997 19:43:41 -0500 (EST) Received: by merit.edu (bulk_mailer v1.5); Mon, 17 Nov 1997 19:43:36 -0500 Received: (from [email protected]) by merit.edu (8.8.7/8.8.5) id TAA04897 for nanog-outgoing; Mon, 17 Nov 1997 19:43:34 -0500 (EST) Received: from www.RVC.CC.IL.US (www.RVC.CC.IL.US [207.142.145.2]) by merit.edu (8.8.7/8.8.5) with SMTP id TAA04884 for <[email protected]>; Mon, 17 Nov 1997 19:43:16 -0500 (EST) Received: from microsoft.com (166.72.5.121) by www.RVC.CC.IL.US (EMWAC SMTPRS 0.81) with SMTP id <[email protected]US>; Mon, 17 Nov 1997 18:56:25 -0600 Date: Mon, 17 Nov 1997 18:56:25 -0600 Message-ID: <[email protected]> From: Bill Gates III <[email protected]> Subject: OWNED Sender: [email protected] To: undisclosed-recipients:; /* snipped many lines of garbage */ I received back: >From [email protected] Wed Nov 19 17:38:33 1997 Date: Tue, 18 Nov 1997 16:15:13 EST From: [email protected] To: [email protected] Subject: OWNED (FWD) Ref #: USINET 2048052 MAIL FROM:<Problem Mgmt> RCPT TO:<[email protected]> DATA Date: Tue, 18 NOV 97 16:14:53 est From: Problem Mgmt To: <[email protected]> Cc: Subject: OWNED (FWD) Ref #: USINET 2048052 An incident reported by you has been updated. The incident # is listed below. Do not respond to this e-mail. For Account: USINET Incident Number: 2048052 Status: PENDING Sev: 4 Last Updated: Tue, 18 NOV 97 16:14:53 PROBLEM UPDATED. ************************************************************************* Summary: OWNED (FWD) ------------------------------------------------------------------------- RESP 11/18/97 16:14:49 Hello, Based on the information you ave sent we are unable to match the time and ip of the header to the time and ip on our dial gateways. This header look's a bit strange, the ip does not contain a "slip" in front of it. I think that this header has been manipulated in form way. Regards, [email protected] ************************************************************************* Please do not respond to this address. Respond to [email protected] to which I replied, pointing out the fact that the IP address in question, when reverse resolved (which I had even included in my original message) did, in fact, begin with "slip" and end with "ibm.net." However, when I replied to [email protected], as I was told to by the note at the bottom of the message, I received no less than 6 messages telling me I should have sent that reply to [email protected] I then wrote an almost-sorta- mildly nasty note to [email protected] telling them to please get their act straight and figure out who it is, in fact, I should be contacting. I then received several more emails telling me *that* should have gone to [email protected] as well. However, I believe that all of the insightful messages announcing that "it appears we were just mailbombed, oh my!" were arguably more detrimental to the flow of information on this list than the actual subscription and message bombs that prompted them. After one of the 56 mailing lists I host on narnia is mailbombed, I make it a habit of closing all postings to that list. Not to prevent further mailbombs, as I usually find out about it too late, but to prevent the flood of "oh my, what'll we do, someone stop this madness!" messages that almost always outbomb the mailbomb. -- Daniel Reed <[email protected]> System administrator of narnia.n.ml.org (narnia.mhv.net [199.0.0.118]) What was the best thing before sliced bread?
|