1994-07-29 - The penet compromise

Header Data

From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
To: cypherpunks@toad.com
Message Hash: 2245fca19b33c7ef22c2b15eba3960160907c5207d17a817638833d9daa16300
Message ID: <940728.224039.3x8.rusnews.w165w@sendai.cybrspc.mn.org>
Reply To: N/A
UTC Datetime: 1994-07-29 05:05:21 UTC
Raw Date: Thu, 28 Jul 94 22:05:21 PDT

Raw message

From: roy@sendai.cybrspc.mn.org (Roy M. Silvernail)
Date: Thu, 28 Jul 94 22:05:21 PDT
To: cypherpunks@toad.com
Subject: The penet compromise
Message-ID: <940728.224039.3x8.rusnews.w165w@sendai.cybrspc.mn.org>
MIME-Version: 1.0
Content-Type: text/plain


I wrote earlier that I thought the penet attack was a forked strategy
intended to out anon users and flood anon.penet.fi.  Now I'm not so sure
it was forked.

I remember trying an experiment a while back, where I posted a message
to alt.test and saved all the replies.  There were fewer than a dozen.
misc.test provides much better response.

That lessens the probable impact of the return traffic to a rough
multiplier of 10.  And given the time spread (my experiment yielded
replies over 4 days), I don't know if this can be counted on to yield a
denial-of-service attack.  (I suppose it's possible the perp might be
trying to spam penet in the original sense, by trying to overrun
arbitrary limits in the server.)

That leaves outing as the motive.  Now I'm wondering if the idea is to
out as many people as possible, or if the perp is searching for
a particular party or parties.  The formation of the messages (from
reports... I don't get alt.test locally) appears tailored for some kind
of automated data collection.
-- 
       Roy M. Silvernail         [ ]  roy@sendai.cybrspc.mn.org
                    PGP public key available by mail
     echo /get /pub/pubkey.asc | mail file-request@cybrspc.mn.org
         These are, of course, my opinions (and my machines)
