ORBS Relay "Test" FCN ATTACK
Bob Allisat
bob at fcn.net
Fri Nov 20 19:36:04 UTC 1998
To whom it may concern,
At 16:31 EST, an attempt to do unauthorized mail relaying through the
scriba.org/FCN.NET server was made from your system. None of your users
have been authorized to do so, and as such, it is being viewed at as a
very serious matter.
This server does not authorize non-local users to relay mail. Attempts,
however, are logged. Allow us to remind you that the use of other people's
domain and user names may be pursued in a court of law for breach of
international copyright laws and impersonation.
Today's attack was very distasteful in behavior: not closing connections
properly, no proper from-line in the SMTP envelope, non-local user relay
attempt, and on top of this several attempts in very few seconds.
Attempting to do anything like this again may cause a lawsuit for the
attempt of breaking the system.
Please halt this activitiy, or risk legal action.
Gard
SCRIBA/FCN System Administrator
PS - We have repeatedly tried to e-mail
the originators of the attack but our
mail has been filtered from this site.
Further, our server has been attacked
several time more over the course of
this afternoon.
We have several reccomendations to make
to other people who may wish to work more
constructively in this regard:
- If you wish to engage in these activities
obtain the permission of the Server Admin
*before* attacking their machines.
- Keep a database of servers you have tested
(after obtaining permission) for future
referance and do not repeat your actions.
respectfully,
Bob Allisat
Free Community Network _ bob at fcn.net . http://fcn.net
http://fcn.net/allisat _ http://fcn.net/draft
To: <orbs at dorkslayers.com>, <nanog at merit.edu>
Cc: <abuse at dorkslayers.com>, <postmaster at dorkslayers.com>,
<admin at dorkslayers.com>, <abuse at simkin.com, postmaster at simkin.com>,
<admin at simkin.com>, <sword at dorkslayers.com>, <ahodgson at simkin.com>
________________________________________________________________
---------- Forwarded message ----------
Return-Path: junkmail
Received: (from root at localhost) by scriba.org (8.8.5/8.7.3) id QAA23362
for junkmail; Thu, 19 Nov 1998 16:32:02 -0500
Received: from [199.175.137.111:2905] by scriba.org with SLIME; Thu Nov 19
16:32:01 1998
X-Slime-scriba.org: Sender=
To: dorktest at dorkslayers.com
From: sender at dorkslayers.com
Date: Sun, 12 Jul 1998 01:51:21 GMT
X-Token: closhouv
X-Envelope-Sender: <null>
Message-Id: <208.222.122.049 at skynet.simkin.com>
Subject: ORBS Relay Test
X-Slime-Status: Junk
X-Slime-Recepients: <dorktest at dorkslayers.com>
This program tests for open relays.
Open relays will automatically be added to the Dorkslayers Open Relay
Blocking List (see http://www.dorkslayers.com/orbs/).
Do not use the above addresses to contact me - use orbs at dorkslayers.com.
---------- Slime LOG ----------
Thu Nov 19 16:31:30 1998 slime [199.175.137.111:2892] Connect
Thu Nov 19 16:31:31 1998 slime [199.175.137.111:2892] :
HELO skynet.simkin.com
Thu Nov 19 16:31:31 1998 slime [199.175.137.111:2892] :
MAIL FROM: <sender at dorkslayers.com>
Thu Nov 19 16:31:31 1998 slime [199.175.137.111:2892] :
RCPT TO: <dorktest at dorkslayers.com>
Thu Nov 19 16:31:31 1998 slime [199.175.137.111:2892] ERROR!
Attempt to relay mail to <dorktest at dorkslayers.com>
Thu Nov 19 16:31:31 1998 slime [199.175.137.111:2893] Connect
Thu Nov 19 16:31:32 1998 slime [199.175.137.111:2893] :
HELO skynet.simkin.com
Thu Nov 19 16:31:34 1998 slime [199.175.137.111:2893] :
MAIL FROM: <>
Thu Nov 19 16:31:34 1998 slime [199.175.137.111:2893] ERROR!
No @ sign in from: <>
Thu Nov 19 16:31:34 1998 slime [199.175.137.111:2893] :
RCPT TO: <dorktest at dorkslayers.com>
Thu Nov 19 16:31:35 1998 slime [199.175.137.111:2893] :
DATA
Thu Nov 19 16:31:35 1998 slime [199.175.137.111:2893]
From=junkmail Rcpt=junkmail
Thu Nov 19 16:31:35 1998 slime [199.175.137.111:2893] Sendmail=0
Thu Nov 19 16:31:36 1998 slime [199.175.137.111:2893] :
QUIT
Thu Nov 19 16:31:36 1998 slime [199.175.137.111:2893] Exiting
Thu Nov 19 16:31:36 1998 slime [199.175.137.111:2895] Connect
Thu Nov 19 16:31:37 1998 slime [199.175.137.111:2895] :
HELO skynet.simkin.com
Thu Nov 19 16:31:37 1998 slime [199.175.137.111:2895] :
MAIL FROM: <sender at dorkslayers.com>
Thu Nov 19 16:31:37 1998 slime [199.175.137.111:2895] :
RCPT TO: <dorktest at dorkslayers.com>
Thu Nov 19 16:31:37 1998 slime [199.175.137.111:2895] ERROR!
Attempt to relay mail to <dorktest at dorkslayers.com>
Thu Nov 19 16:31:38 1998 slime [199.175.137.111:2897] Connect
Thu Nov 19 16:31:38 1998 slime [199.175.137.111:2897] :
HELO skynet.simkin.com
Thu Nov 19 16:31:38 1998 slime [199.175.137.111:2897] :
MAIL FROM: <>
Thu Nov 19 16:31:38 1998 slime [199.175.137.111:2897] ERROR!
No @ sign in from: <>
Thu Nov 19 16:31:38 1998 slime [199.175.137.111:2897] :
RCPT TO: <dorktest at dorkslayers.com>
Thu Nov 19 16:31:39 1998 slime [199.175.137.111:2897] :
DATA
Thu Nov 19 16:31:40 1998 slime [199.175.137.111:2897] From=junkmail
Rcpt=junkmail
Thu Nov 19 16:31:40 1998 slime [199.175.137.111:2897] Sendmail=0
Thu Nov 19 16:31:40 1998 slime [199.175.137.111:2897] :
QUIT
Thu Nov 19 16:31:40 1998 slime [199.175.137.111:2897] Exiting
Thu Nov 19 16:31:45 1998 slime [199.175.137.111:2898] Connect
Thu Nov 19 16:31:48 1998 slime [199.175.137.111:2898] :
HELO skynet.simkin.com
Thu Nov 19 16:31:49 1998 slime [199.175.137.111:2898] :
MAIL FROM: <sender at dorkslayers.com>
Thu Nov 19 16:31:49 1998 slime [199.175.137.111:2898] :
RCPT TO: <dorktest at dorkslayers.com>
Thu Nov 19 16:31:49 1998 slime [199.175.137.111:2898] ERROR!
Attempt to relay mail to <dorktest at dorkslayers.com>
Thu Nov 19 16:31:49 1998 slime [199.175.137.111:2899] Connect
Thu Nov 19 16:31:50 1998 slime [199.175.137.111:2899] :
HELO skynet.simkin.com
Thu Nov 19 16:31:50 1998 slime [199.175.137.111:2899] :
MAIL FROM: <>
Thu Nov 19 16:31:50 1998 slime [199.175.137.111:2899] ERROR!
No @ sign in from: <>
Thu Nov 19 16:31:52 1998 slime [199.175.137.111:2899] :
RCPT TO: <dorktest at dorkslayers.com>
Thu Nov 19 16:31:52 1998 slime [199.175.137.111:2899] :
DATA
Thu Nov 19 16:31:52 1998 slime [199.175.137.111:2899] From=junkmail
Rcpt=junkmail
Thu Nov 19 16:31:53 1998 slime [199.175.137.111:2899] Sendmail=0
Thu Nov 19 16:31:53 1998 slime [199.175.137.111:2899] :
QUIT
Thu Nov 19 16:31:53 1998 slime [199.175.137.111:2899] Exiting
Thu Nov 19 16:31:54 1998 slime [199.175.137.111:2902] Connect
Thu Nov 19 16:31:55 1998 slime [199.175.137.111:2902] :
HELO skynet.simkin.com
Thu Nov 19 16:31:55 1998 slime [199.175.137.111:2902] :
MAIL FROM: <sender at dorkslayers.com>
Thu Nov 19 16:31:56 1998 slime [199.175.137.111:2902] :
RCPT TO: <dorktest at dorkslayers.com>
Thu Nov 19 16:31:56 1998 slime [199.175.137.111:2902] ERROR!
Attempt to relay mail to <dorktest at dorkslayers.com>
Thu Nov 19 16:31:57 1998 slime [199.175.137.111:2903] Connect
Thu Nov 19 16:31:57 1998 slime [199.175.137.111:2903] :
HELO skynet.simkin.com
Thu Nov 19 16:31:57 1998 slime [199.175.137.111:2903] :
MAIL FROM: <>
Thu Nov 19 16:31:57 1998 slime [199.175.137.111:2903] ERROR!
No @ sign in from: <>
Thu Nov 19 16:31:57 1998 slime [199.175.137.111:2903] :
RCPT TO: <dorktest at dorkslayers.com>
Thu Nov 19 16:31:58 1998 slime [199.175.137.111:2903] :
DATA
Thu Nov 19 16:31:58 1998 slime [199.175.137.111:2903] From=junkmail
Rcpt=junkmail
Thu Nov 19 16:31:58 1998 slime [199.175.137.111:2903] Sendmail=0
Thu Nov 19 16:31:59 1998 slime [199.175.137.111:2903] :
QUIT
Thu Nov 19 16:31:59 1998 slime [199.175.137.111:2903] Exiting
Thu Nov 19 16:31:59 1998 slime [199.175.137.111:2904] Connect
Thu Nov 19 16:32:00 1998 slime [199.175.137.111:2904] :
HELO skynet.simkin.com
Thu Nov 19 16:32:00 1998 slime [199.175.137.111:2904] :
MAIL FROM: <sender at dorkslayers.com>
Thu Nov 19 16:32:00 1998 slime [199.175.137.111:2904] :
RCPT TO: <dorktest at dorkslayers.com>
Thu Nov 19 16:32:00 1998 slime [199.175.137.111:2904] ERROR!
Attempt to relay mail to <dorktest at dorkslayers.com>
Thu Nov 19 16:32:01 1998 slime [199.175.137.111:2905] Connect
Thu Nov 19 16:32:01 1998 slime [199.175.137.111:2905] :
HELO skynet.simkin.com
Thu Nov 19 16:32:01 1998 slime [199.175.137.111:2905] :
MAIL FROM: <>
Thu Nov 19 16:32:01 1998 slime [199.175.137.111:2905] ERROR!
No @ sign in from: <>
Thu Nov 19 16:32:01 1998 slime [199.175.137.111:2905] :
RCPT TO: <dorktest at dorkslayers.com>
Thu Nov 19 16:32:02 1998 slime [199.175.137.111:2905] :
DATA
Thu Nov 19 16:32:02 1998 slime [199.175.137.111:2905] From=junkmail
Rcpt=junkmail
Thu Nov 19 16:32:02 1998 slime [199.175.137.111:2905] Sendmail=0
Thu Nov 19 16:32:03 1998 slime [199.175.137.111:2905] :
QUIT
Thu Nov 19 16:32:03 1998 slime [199.175.137.111:2905] Exiting
Thu Nov 19 16:32:31 1998 slime [199.175.137.111:2892] Idle too long
- closing
Thu Nov 19 16:32:37 1998 slime [199.175.137.111:2895] Idle too long
- closing
Thu Nov 19 16:32:49 1998 slime [199.175.137.111:2898] Idle too long
- closing
Thu Nov 19 16:32:56 1998 slime [199.175.137.111:2902] Idle too long
- closing
Thu Nov 19 16:33:01 1998 slime [199.175.137.111:2904] Idle too long
- closing
---------- Further information ----------
Internic information for dorkslayers.com:
Dorkslayers International (DORKSLAYERS-DOM)
1430 - 405 Granville St.
Vancouver, BC V6C 1T2
CA
Domain Name: DORKSLAYERS.COM
Administrative Contact, Technical Contact, Zone Contact:
Sword, Dorkslayers (DS6585) sword at DORKSLAYERS.COM
+1 (604) 555-5555 (FAX) +1 (604) 555-5555
Billing Contact:
Sword, Dorkslayers (DS6585) sword at DORKSLAYERS.COM
+1 (604) 555-5555 (FAX) +1 (604) 555-5555
199.175.137.111 is skynet.simkin.com
Internic information for simkin.com:
Simkin Network Consulting (SIMKIN-DOM)
Suite 1430, 405 Granville St.
Vancouver, BC V6C 1T2
CA
Domain Name: SIMKIN.COM
Administrative Contact, Technical Contact, Zone Contact:
Hodgson, Alan J [Systems Specialist] (AH52) ahodgson at SIMKIN.COM
+1 (604) 555-1234 ext. 103 (FAX) +1 (604) 555-4321
Billing Contact:
Hodgson, Alan J [Systems Specialist] (AH52) ahodgson at SIMKIN.COM
+1 (604) 555-1234 ext. 103 (FAX) +1 (604) 555-4321
Information on 199.175.137.111 from ARIN
[No name] (SKYNE7-HST) SKYNET.SIMKIN.COM 199.175.137.111
________________________________________________________________
Bob Allisat
Free Community Network _ bob at fcn.net . http://fcn.net
http://fcn.net/allisat _ http://fcn.net/draft
More information about the NANOG
mailing list