Full Disclosure mailing list archives
Someone hacked anti-spam database. World bouncing email
From: Michael Scheidell <scheidell () secnap net>
Date: Tue, 26 Aug 2003 16:54:33 -0400 (EDT)
Some time before 11:30 AM Eastern time, the anti-spam database socks.relays.osirusoft.com run by osirusoft.com seems to have been hacked. Possibly thousands of innocent system admins then found that email their users sent out was being bounced by uses of this database, even though they never spammed, and never ran a 'socks' proxy, and were not in the dialup database (the FTC uses this to protect their 'uce () ftc gov' address!) I found bogus responses back on innocent ip addresses that seems to have been 'stuffed' into osirusoft.com socks.relays RBL., or an * wildcard has replaced the legit database. (including the netscreen list at qorbit.net) The TXT record that responds is: Please stop using relays.osirusoft.com Looking at news:news.admin.net-abuse.email I see several warning about using relays.osirusoft.com This is not surprising, since they run the (popular or un-popular) anti-spam database 'spews' and have been under DDOS and hacker attack for months. What appears to have happened, is maybe dns cache poising, DNS hyjacking, or maybe someone directly compromised the dns server and edited the database (or one of their secondaries) or, aliens in green suits decided to block all email to anyone using the socks, dialups (and maybe spews) databases? Anyone have any more information on this? -- Michael Scheidell SECNAP Network Security (561) 368-9561 scheidell () secnap net http://www.secnap.net _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Someone hacked anti-spam database. World bouncing email Michael Scheidell (Aug 26)
- Re: Someone hacked anti-spam database. World bouncing email Thor Larholm (Aug 26)
- Someone hacked anti-spam database. World bouncing email Michael Scheidell (Aug 27)
- <Possible follow-ups>
- RE: Someone hacked anti-spam database. World bouncing email scheidell (Aug 27)