In case any participants of NANOG 20 had any confidence left in the FBI after their Carniwhore presentation and getting shit from an attendee for an apparent illegal wiretap without a warrant in a network owned by said attendee's company, check this out: FBI confiscates computers of "curious" RPI student in aftermath of the yankees.com hack: Sounds like Operation Sundevil all over again (that one having gone down under SS direction):

http://www.kuro5hin.org/?op=displaystory;sid=2000/10/31/0481/1037
http://slashdot.org/articles/00/10/31/025228.shtml

If this gets a message across to network providers and individuals alike: The FBI is wasting your time, their own time and should be ignored and avoided at all cost.

Imminent fall-out: Networks under my control (and more so some I've been called in to assist) are currently under attack by SMTP dictionary-attackers, which seem to be reincarnations of the ghosts of GeolistPro. [ scumbags that are trying to deliver spam, and/or are trying to learn every possible email address in a given domain, to the tune of up to 550,000 per attack (there's obviously a lot of usernames@ scraped from existing spam-lists). Did you ever have 500,000 mails in your Lotus Notes mail spool, because the product (by default) is too dumb to discard undeliverables and keeps them nicely for the postmaster to review? This even brings Quad-PIII/600MHz machines with 2GB of RAM to their knees. Now think of the attackers reselling these 500,000 'confirmed' email addresses to other spammers...the future damages of this bogus "data collection" will quickly reach 10,000's of dollars ]

Does the LE community honestly believe that I will encourage the owners of these networks to contact the authorities instead of suing the shit out of the attackers in civil court instead? I didn't think so...
And as far as this concerns this fucked up incident at RPI: Dear Almighty, please shine some clue rays down on Albany and Troy (apart from RPI, that's one VERY fucked up and run-down town), two towns that are badly in need of such grace, along with the local FBI office, which seems staffed by people who need to do a few more runs thru the Reston FLETC for 'computer training' (that moved to Quantico?), because the first time obviously didn't improve their clue level a whole lot and just caused confusion. (Hey Kim C., after 7 years, you still have a lot of work left to do with 'dem bloody recruits)
Networks under my control (and more so some I've been called in to assist) are currently under attack by SMTP dictionary-attackers, which seems to be reincarnations of the ghosts of GeolistPro. [ scumbags that are trying to deliver spam, and/or are trying to learn every possible email address in a given domain, to the tune of up to 550,000 per attack (there's obviously a lot of usernames@ scraped from existing spam-lists).
It's my belief that some (or all) of this activity is currently instigated by EarthOnline Software, makers of GeoList Pro. This URL is the basis for my suspicions:

http://www.earthonline-software.com/targeted-a.html

GeoList's "feature" was that it collected regionally targeted lists of e-mail addresses. How can one do that? The only two ways I can think of are dictionary attacks against ISP web servers (GET /~aaaa) or dictionary attacks against ISP's SMTP servers (RCPT TO: <aaaaa>). The former method would be much less successful, since not all customers will have their own web directories, and not all providers will use the /~ syntax either.

Mike

P.S. The SMTP abuse listserv is still here: http://www.kopower.com/mailman/listinfo/smtpabuse
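The RCPT TO probing described in this message leaves a recognisable trace in mail server logs: one client, many distinct recipients, most of them rejected. The following is an added example, not code from anyone in this thread, that flags such clients and lists the addresses they managed to confirm; the log format, thresholds, IPs and addresses are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption, not any particular MTA's):
#   <client-ip> RCPT <address> <smtp-reply-code>
LINE = re.compile(r"^(\S+) RCPT <([^>]+)> (\d{3})$")

def find_harvesters(lines, min_rejects=5, min_ratio=0.8):
    """Flag clients whose RCPT TO pattern looks like a dictionary attack:
    many distinct unknown recipients and a high share of 550 replies.
    Returns {ip: {"rejected": n, "tried": n, "confirmed": [addresses]}}."""
    tried = defaultdict(set)      # ip -> distinct recipients attempted
    rejected = defaultdict(set)   # ip -> recipients answered 550
    confirmed = defaultdict(set)  # ip -> recipients answered 250
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a RCPT record
        ip, rcpt, code = m.group(1), m.group(2).lower(), m.group(3)
        tried[ip].add(rcpt)
        if code == "550":
            rejected[ip].add(rcpt)
        elif code == "250":
            confirmed[ip].add(rcpt)
    flagged = {}
    for ip, rcpts in tried.items():
        bad = len(rejected[ip])
        if bad >= min_rejects and bad / len(rcpts) >= min_ratio:
            # Addresses accepted for a flagged client are the ones it
            # has learned to be valid and that may end up on a list.
            flagged[ip] = {"rejected": bad, "tried": len(rcpts),
                           "confirmed": sorted(confirmed[ip])}
    return flagged

# Constructed sample: 192.0.2.10 walks a name list and hits one real
# mailbox; 198.51.100.7 is an ordinary peer with a single typo.
SAMPLE = [f"192.0.2.10 RCPT <{n}@example.net> 550"
          for n in ("aaaa", "aaab", "aaron", "abby", "adam", "al", "alan")]
SAMPLE += ["192.0.2.10 RCPT <alice@example.net> 250",
           "198.51.100.7 RCPT <alice@example.net> 250",
           "198.51.100.7 RCPT <bob@example.net> 250",
           "198.51.100.7 RCPT <bbo@example.net> 550",
           "unparseable line"]

if __name__ == "__main__":
    for ip, info in find_harvesters(SAMPLE).items():
        print(ip, info)
```

Counting distinct recipients rather than raw rejections keeps a peer that retries one mistyped address from being flagged.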
Mike Lewinski wrote:
It's my belief that some (or all) of this activity is currently instigated by EarthOnline Software, makers of GeoList Pro.
Mike,

My entree into spamfighting came because my then-employer hosted an obnoxious spamware vendor (he actually performed the services, but didn't sell software) who caused some trouble for me. I hate spammers, and I loathe spamware vendors even more.

That being said, I'm not sure how you can make the connection to Earthonline.

--
** To all who asked: The Chow now has a good home! Tnx for your interest **
Steve Sobol, BOFH, President 888.480.4NET 866.DSL.EXPRESS 216.619.2NET
North Shore Technologies Corporation http://NorthShoreTechnologies.net
JustTheNet/JustTheNet EXPRESS DSL (ISP Services) http://JustThe.net
mailto:sjsobol@NorthShoreTechnologies.net
Proud resident of Cleveland, Ohio
participants (3)
- Kai Schlichting
- Mike Lewinski
- Steve Sobol