1996-01-12 - Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com

Header Data

From: Rich Graves <llurch@networking.stanford.edu>
To: cypherpunks@toad.com
Message Hash: b3a6224497aefbd596e9e6f9943303ffe6e705b38b10f4023653188f43915c77
Message ID: <Pine.ULT.3.91.960112115942.10905O-100000@Networking.Stanford.EDU>
Reply To: <Q6q9w8m9LYlM085yn@netcom.com>
UTC Datetime: 1996-01-12 20:34:53 UTC
Raw Date: Sat, 13 Jan 1996 04:34:53 +0800

Raw message

From: Rich Graves <llurch@networking.stanford.edu>
Date: Sat, 13 Jan 1996 04:34:53 +0800
To: cypherpunks@toad.com
Subject: Re: Novel use of Usenet and remailers to mailbomb from luzskru@cpcnet.com
In-Reply-To: <Q6q9w8m9LYlM085yn@netcom.com>
Message-ID: <Pine.ULT.3.91.960112115942.10905O-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 12 Jan 1996, Alan Bostick wrote:

> Somebody, too clever for their own good by half, has come up with a
> novel way of using Usenet and anonymous remailers to perpetrate
> mailbombs.  The M.O. is to post a message to the naked-lady newsgroups
> saying "get pics in your mailbox! send this message to this address!),
> giving the email address of a cypherpunk-style anonymous remailer and
> including a pgp-encrypted message block.

Yuck.

Unless someone comes forward to say that they were the target of this 
attack, I'd guess that the target is the remailer network itself.

> > Xref: netcom.com alt.sex:292849 alt.sex.wizards:44144 alt.sex.magazines:11634 alt.binaries.pictures.erotica:364153 alt.binaries.pictures.erotica.blondes:48686 alt.binaries.pictures.erotica.female:130066 alt.sex.movies:91249 alt.sex.pictures:98757
> > Newsgroups: alt.sex,alt.sex.wizards,alt.sex.magazines,alt.binaries.pictures.erotica,alt.binaries.pictures.erotica.blondes,alt.binaries.pictures.erotica.female,alt.sex.movies,alt.sex.pictures
> > Path: netcom.com!ix.netcom.com!howland.reston.ans.net!news.sprintlink.net!nuclear.microserve.net!luzskru.cpcnet.com!www-39-190
> > From: luzskru@cpcnet.com (luzskru)
> > Subject: Get Penthouse and Playboy pics on your mail box!!
> > Message-ID: <1b7cc$12a26.20@luzskru.cpcnet.com>
> > Date: Thu, 11 Jan 1996 18:10:37 GMT
> > Organization: http://www.cpcnet.com/~luzskru/home.htm
> > X-Newsreader: News Xpress Version 1.0 Beta #4
> > Lines: 119

This article is still on nntp.stanford.edu. I've issued a cancel. Sites far 
removed from stanford.edu should consider doing the same.

luzskru@cpcnet.com, of course, doesn't exist, *BUT* there is a 
luzskru.cpcnet.com in the DNS.

And while every other port seems to be closed, there is an open NNTP port.

N:~> telnet luzskru.cpcnet.com nntp
Trying 198.70.185.5...
Connected to luzskru.cpcnet.com.
Escape character is '^]'.
200 luzskru.cpcnet.com NNS server version X2.06 ready - posting allowed
quit
205 closing connection - goodbye
Connection closed by foreign host.

postmaster@cpcnet.com is probably a victim of this, but he should still be 
flayed with a wet noodle for letting this happen.
 
-rich





Thread