1996-05-27 - Re: WhoWhere Robot strikes again

Header Data

From: Rich Graves <llurch@networking.stanford.edu>
To: “E. ALLEN SMITH” <EALLENSMITH@ocelot.Rutgers.EDU>
Message Hash: 2574771f0099ee6e76ce5ca42e8438e584ec554ea5da5c88eb901cf6c17623d5
Message ID: <Pine.GUL.3.93.960526220513.10152I-100000@Networking.Stanford.EDU>
Reply To: <01I56K3M2RAU8Y4ZV3@mbcl.rutgers.edu>
UTC Datetime: 1996-05-27 08:10:29 UTC
Raw Date: Mon, 27 May 1996 16:10:29 +0800

Raw message

From: Rich Graves <llurch@networking.stanford.edu>
Date: Mon, 27 May 1996 16:10:29 +0800
To: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Subject: Re: WhoWhere Robot strikes again
In-Reply-To: <01I56K3M2RAU8Y4ZV3@mbcl.rutgers.edu>
Message-ID: <Pine.GUL.3.93.960526220513.10152I-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 27 May 1996, E. ALLEN SMITH wrote:

> a (randomly-created) link to http://foo.bar.com/563.html etcetera? Or are they
> looking at more specific locations that couldn't be faked this way?

What they are doing is spidering the entire web looking for anything that
looks like an email address, running a dictionary finger attack on the
host part of any email addresses they find, and reporting things that look
like lists of email addresses to humans (or the closest approximation
employed by WhoWhere). Usually they do port scans for http and whois
servers too.

The way they bootstrapped their database was with dictionary searches on
InterNIC and okra.ucr.edu, with a significant enough effect that lawsuits
were considered.

-rich






Thread