From: hughes@ah.com (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: fc2501b5c9a0219cca7cf460daba67e2ea778f5b3671877883cd8b22dc18e456
Message ID: <9401222142.AA06465@ah.com>
Reply To: N/A
UTC Datetime: 1994-01-22 21:36:26 UTC
Raw Date: Sat, 22 Jan 94 13:36:26 PST
From: hughes@ah.com (Eric Hughes)
Date: Sat, 22 Jan 94 13:36:26 PST
To: cypherpunks@toad.com
Subject: ADMIN: toad got mailbombed
Message-ID: <9401222142.AA06465@ah.com>
MIME-Version: 1.0
Content-Type: text/plain
Tim mentioned that he'd had some problems getting stuff back from the
list. Others have sent me mail wondering about strange formats from
the mailer. Well, toad got mailbombed.
The culprit--and no attempt at anonymity here--was 'css@netcom.com'.
He was trying to get off the list by sending to
owner-cypherpunks@toad.com. Well that address is a bounce handling
address, and I don't read it very often, and then I ignore
non-computer generated messages. Two words: clueless and projecting.
He made at least three separate kinds off attacks: sending mail back
to posters to the list, sending mail back to the list at large, and
mailbombing toad with UNSUBSCRIBE x 200 messages, many (several dozen)
at a time.
What is humorous to me is not the lost sysadmin time (hours) but the
lack of sophistication in the attack. No attempt at hiding identity,
lack of creativity in bomb content, lack of specificity in targeting.
For example, he could have forged a post to one of the .test groups in
usenet with the list administrator (me) as target. Hundreds of
messages would have flowed in to my mailbox over the next week,
cramping my ability to use my inbox. Such a forgery could be done,
say, by using an anonymous poster and gluing in a Reply-To: field.
Or even better might have been picking a large mailing list that
doesn't rewrite header fields and making sure that it leaves the
mailer with 17 Received: fields and an Errors-To: field pointing to
the victim. The cypherpunks alias on toad, for example, tacks on 3
Received fields in addition to the one or two that your mailer uses,
but you can just add empty Received: fields--the code that bounces
mail when it sees more than 17 (or 18-21, depending) Received: fields
doesn't look at their contents. These fields can be added with
outgoing ## header pasting, for example. I do not recommend using the
cypherpunks mailing list for this purpose, however.
Eric
Return to January 1994
Return to “hughes@ah.com (Eric Hughes)”
1994-01-22 (Sat, 22 Jan 94 13:36:26 PST) - ADMIN: toad got mailbombed - hughes@ah.com (Eric Hughes)