From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 27 May 1996 16:10:29 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: WhoWhere Robot strikes again
In-Reply-To: <01I56K3M2RAU8Y4ZV3@mbcl.rutgers.edu>
Message-ID: <Pine.GUL.3.93.960526220513.10152I-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 27 May 1996, E. ALLEN SMITH wrote:

> a (randomly-created) link to http://foo.bar.com/563.html etcetera? Or are they
> looking at more specific locations that couldn't be faked this way?

What they are doing is spidering the entire web looking for anything that
looks like an email address, running a dictionary finger attack on the
host part of any email addresses they find, and reporting things that look
like lists of email addresses to humans (or the closest approximation
employed by WhoWhere). Usually they do port scans for http and whois
servers too.

The way they bootstrapped their database was with dictionary searches on
InterNIC and okra.ucr.edu, with a significant enough effect that lawsuits
were considered.

-rich