Bugtraq mailing list archives
Re: SMTP server account probing
From: frankm () BEND OR US (Frank Miller)
Date: Tue, 9 Mar 1999 08:57:32 -0800
The following is from the company (earthonline.com) that wrote the commercial software that performed the dictionary attack against MTAs. I do have copies of the software and can generate a list of 'hard coded' ISPs that were probed, if desired.

Dear ISP and Fellow Internet User,

GeoList Professional has been removed from the Earthonline Product Line. If used as it was intended, this product would have created email address lists that would have proven highly targeted to a specific state or region. Although GeoList is only one of many different programs that verify state related email addresses on the market, we find it appropriate for the good of the Internet Community, that we pull this product from our shelves.

GeoList was designed for the individual or business looking for a target market in specific states or regions. Initially this program was developed for an online political campaign. The candidate's campaign staff requested the ability to target their specific region. GeoList, utilized in this market, proved effective; for this reason Earthonline released it as a targeted lead generation product.

The subsequent mis-use of GeoList Professional by certain companies and individuals has reportedly made it difficult on the ISPs. As GeoList validates a list of user names and matches them with email addresses in the given state, it was our intent to target email addresses for any given "region specific" campaign. It is undetermined how end-users were using this product. However, we have had reports of customers using this product as a non-targeted spam list collection tool.

Earthonline stands behind targeted email notification and solicitation of targeted lead lists. However, we do not condone or promote spam as a way to market products or services. Our products are intended as a cost effective way for companies and organizations to email their customers, and clients, with new product offerings, updates, and/or informative news.

GeoList Professional has reportedly been used "not as intended" - and although we could limit the sales of the product to certain individuals and companies, we choose not to censor those customers of our products. However, with reports of how the GeoList product is being used; it is our decision to make GeoList a discontinued product as of March 08, 1999.

As the technology within GeoList is not proprietary to Earthonline, the discontinuation of this product will not be the discontinuation of other products in the marketplace that promote similar functionality.

If you should have direct questions, or comments regarding this notice, email to: info () earthonline com

- Earthonline Administration

-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () netspace org] On Behalf Of Brett Glass
Sent: Monday, March 08, 1999 11:13 AM
To: BUGTRAQ () netspace org
Subject: SMTP server account probing

Several ISPs throughout the Net are reporting an attack described at http://www.l8r.com/nwa/nwa1.htm

In this attack, an SMTP server is probed for common names, presumably so that spam can then be targeted at them. The attacking machine connects and issues hundreds of RCPT TO: commands, searching a long list of common user names (e.g. susan) for ones that don't cause errors. It then compiles a list of target addresses to spam.

Unfortunately, the attack -- besides allowing the perpetrator to spam users -- also brings SMTP servers to their knees. This happens most often if the server maintains lists of user names in a database where looking up a name requires substantial disk activity or computational overhead.

Some people whose domain names have been hard-coded into a commercial program designed to implement this attack have responded with outrage, e.g.
http://www.junk.org/earthonline/

I'm surprised that I haven't seen this one on the Bugtraq list yet.

--Brett Glass
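A detection sketch for the probing pattern described in the quoted message, added here as an example and not part of either post: it flags a client whose RCPT TO commands are mostly rejected for many distinct recipients inside a short window. The log format, thresholds, and addresses are constructed assumptions, not the output of any real MTA.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60      # sliding window kept per client (assumed value)
MAX_REJECTED = 20        # distinct unknown recipients tolerated in the window
MIN_REJECT_RATIO = 0.8   # share of RCPT attempts in the window that were rejected

def parse(line):
    """Constructed format: '<epoch> <client_ip> RCPT <address> <reply_code>'."""
    ts, ip, verb, addr, code = line.split()
    if verb != "RCPT":
        raise ValueError(f"unexpected verb: {verb}")
    return int(ts), ip, addr.lower(), int(code)

def find_probers(lines):
    """Return {client_ip: distinct rejected recipients when it was flagged}."""
    recent = defaultdict(deque)   # ip -> deque of (ts, addr, rejected)
    flagged = {}
    for line in lines:
        ts, ip, addr, code = parse(line)
        if ip in flagged:
            continue              # already reported; a real filter would block here
        q = recent[ip]
        q.append((ts, addr, 500 <= code < 600))
        while q and q[0][0] <= ts - WINDOW_SECONDS:
            q.popleft()           # drop attempts older than the window
        rejected = {a for _, a, bad in q if bad}
        ratio = sum(1 for _, _, bad in q if bad) / len(q)
        if len(rejected) > MAX_REJECTED and ratio >= MIN_REJECT_RATIO:
            flagged[ip] = len(rejected)
    return flagged

def sample_log(step=1):
    """Constructed sample: one dictionary prober, one normal sender with a typo."""
    existing = {"name03", "name17", "name29"}   # the few guesses that hit
    lines = []
    for i in range(40):
        name = f"name{i:02d}"
        code = 250 if name in existing else 550
        lines.append(f"{920900000 + i * step} 192.0.2.10 RCPT {name}@example.net {code}")
    lines.append("920900005 198.51.100.7 RCPT alice@example.net 250")
    lines.append("920900006 198.51.100.7 RCPT alcie@example.net 550")
    return lines

if __name__ == "__main__":
    for ip, count in find_probers(sample_log()).items():
        print(f"{ip}: {count} distinct unknown recipients within {WINDOW_SECONDS}s")
```

A sender with one mistyped recipient stays below both thresholds, and a prober that slows to one attempt every ten seconds slips under this window, so per-session recipient limits are still needed alongside it.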