North American Network Operators Group


possible scam?

  • From: Jim Mercer
  • Date: Wed Nov 03 11:23:27 1999

the following two messages were received by me (and more likely many others)

the author, Joe Baptista, is a known loon in the Toronto area.

i'm not sure if he has reformed or if this is some scam he is running.

Message #1
----- Forwarded message from [email protected] -----
Date: Wed, 3 Nov 1999 05:23:10 -0500
From: [email protected]
To: [email protected]
Subject: hello hostmaster for SOA [email protected]





   * ATTENTION - Our SMTP (MailServers) are being subjected to a DOS *
   * (Denial of Service) Attack.
   *                                                                 *
   * BECAUSE OF THIS ATTACK - you may receive two copies of this     *
   * email.                                                          *

I am a domain administrator with Planet Communications & Computing 
Facility.  We are a private network research facility.  I am contacting 
you with respect to the BIND 1999 Survey of Internet hosts and ICANN - 
the Internet Corporation for Assigned Names and Numbers.

We conduct and maintain the BIND (Berkeley Internet Name Daemon) survey 
databases.  Over the years we have used the BIND surveys to assist the 
United States Government and the Department of Defense in closing security 
holes in the domain name system infrastructure.

This year we have received financial assistance which has allowed us to 
conduct an extensive enumeration of internet domain name servers.  You 
are receiving this message because servers where you are listed as the 
SOA (source of authority) have been included in the most recent BIND 

We would like to invite you to pickup a report from us which details all 
information available on your servers as reported in the public dns 
system.  The report includes a number of test results from queries made 
on your name servers and provides details on the status of any failed or 
passed tests.  If you are running BIND versions which can be hacked, or 
are insecure, those details are reported and supporting information 
provided to assist you in closing potential security holes. 

A separate message has been emailed to you with instructions on how to 
extract information on your servers from our databases.  It's fairly 
simple, all you have to do is reply to the message and keep the subject 
line intact.  We have emailed it with a subject header labeled 
CONFIDENTIAL.  In the event you may want to forward this message to 
others, you can do so without inadvertently allowing access to your 
database records.

We hope that you find this information of assistance.  Our intention is 
to fix the numerous problems encountered in the public domain name 
system.  This year we enumerated in excess of 200,000 name servers.  
Of those 25,000 have misconfigured SOA records, 12,000 do not resolve, 
62,000 are no longer operational and 22,000 can be easily hacked.

                        - ICANN -

In conclusion I would like to ask that you take an active role in 
Internet Governance.

The United States Government has assigned control of the Internet 
Domain System and Infrastructure to ICANN (The Internet Corporation 
for Assigned Names and Numbers) which represents big business 
interests, trademark lawyers and public telephone companies.  ICANN 
intends to tax domain names and the ip infrastructure.  To date a 
number of regulations have been imposed on internet registrars which 
take away existing rights and claims to second level domain names.

As a result of these efforts, a number of organizations have started 
alternate root infrastructures and intend to compete with ICANN.

This November 1-4 ICANN will be holding public meetings in Los Angeles.
If you live in or near LA, please try to attend.  If you don't, you can 
participate via remote.  Please help us get the word out.

Information on the meeting is available at:

Information on the people involved in what has been termed the domain 
name system wars is available at:

It is critical to the internet's future that it remain an open system.  As a 
domain administrator you have control over the root cache file which now 
points to the United States Government (USG) root servers.  If you don't 
like what ICANN and the USG are doing - you have the power to switch.

A number of alternative root servers now exist to assist you in making 
that choice.

Thank you for your time.

                                           Joe Baptista, Director
                                           Public Research

----- End forwarded message -----

Message #2
----- Forwarded message from [email protected] -----
Date: Wed, 3 Nov 1999 05:23:11 -0500
Message-Id: <[email protected]>
From: [email protected]
To: [email protected]
Subject: CONFIDENTIAL @TICKET:[email protected] - ACCESS to BIND report



   * ATTENTION - Our SMTP (MailServers) are being subjected to a DOS *
   * (Denial of Service) Attack.  Please see the following URL for   *
   * more instructions        *
   *                                                                 *
   * BECAUSE OF THIS ATTACK - you may receive two copies of this     *
   * email.                                                          *

This message is automatically generated by the BIND (Berkeley Internet 
Name Daemon) Survey maintained by Planet Communications & Computing 
Facility, Ottawa, Ontario.

A message with a detailed explanation of the survey has been emailed to 
you under separate email cover.


This message contains details and access instructions on recovering survey 
data collected by us from the public domain name system.  A report of all 
name servers under your SOA RR (source of authority resource record) in 
which you have been listed as hostmaster.

To recover the information - you can reply to this message making sure you 
keep the subject header intact, or you can email [email protected] with a 
subject line of:

        @TICKET:[email protected]    

Please include the entire ticket - including ending period.

Please make sure you delete the body of the message, so you don't 
confuse our mailers.

Please note, it may take up to 24 hours for the system to compile your
report.  We are currently experiencing a denial of service attack 
which has delayed delivery of email.

If your mailer sends autoreplies, you may already have your report. 

                                           Joe Baptista, Director
                                           Public Research

----- End forwarded message -----