nanog mailing list archives
SMTP abuse (Re: The FBI tripping over itself again)
From: "Mike Lewinski" <mike () rockynet com>
Date: Tue, 31 Oct 2000 13:17:25 -0700
Networks under my control (and more so some I've been called in to assist) are currently under attack by SMTP dictionary-attackers, which seems to be reincarnations of the ghosts of GeolistPro. [ scumbags that are trying to deliver spam, and/or are trying to learn every possible email address in a given domain, to the tune of up to 550,000 per attack (there's obviously a lot of usernames@ scraped from existing spam-lists).
It's my belief that some (or all) of this activity is currently instigated by EarthOnline Software, makers of GeoList Pro. This URL is the basis for my suspicions:

http://www.earthonline-software.com/targeted-a.html

GeoList's "feature" was that it collected regionally targeted lists of e-mail addresses. How can one do that? The only two ways I can think of are dictionary attacks against ISP web servers (GET /~aaaa) or dictionary attacks against ISP's SMTP servers (RCPT TO: <aaaaa>). The former method would be much less successful, since not all customers will have their own web directories, and not all providers will use the /~ syntax either.

Mike

P.S. The SMTP abuse listserv is still here: http://www.kopower.com/mailman/listinfo/smtpabuse
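A defender-side view of the RCPT TO probing described in the message above, added here as an example (not part of the original post): it counts distinct unknown-recipient rejections per client in mail logs and flags clients that exceed a threshold. The sample lines are constructed in Postfix's smtpd reject format; the name `find_harvesters` and the threshold of 5 are assumptions.

```python
import re
from collections import defaultdict

# Template for constructed sample lines in Postfix smtpd "reject" format.
# Addresses use documentation ranges; nothing here comes from a real log.
_LINE = ("Oct 31 13:01:{sec:02d} mx1 postfix/smtpd[811]: NOQUEUE: reject: "
         "RCPT from unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address "
         "rejected: User unknown in local recipient table; "
         "from=<s@example.org> to=<{rcpt}> proto=SMTP helo=<h>")

# One client walking a dictionary (aaaa, aaab, ...) and one client with a
# single mistyped recipient, which should not be flagged.
SAMPLE_LOG = [_LINE.format(sec=i, ip="192.0.2.10", rcpt=f"aaa{c}@example.net")
              for i, c in enumerate("abcde")]
SAMPLE_LOG.append(_LINE.format(sec=30, ip="198.51.100.7",
                               rcpt="jsmiht@example.net"))

# Matches a 550 5.1.1 (unknown user) rejection at the RCPT stage and
# captures the client address and the probed recipient.
REJECT_RE = re.compile(
    r"reject: RCPT from [^\[\s]*\[(?P<ip>[0-9A-Fa-f.:]+)\]: "
    r"550 5\.1\.1 <(?P<rcpt>[^>]*)>")


def find_harvesters(lines, min_unknown=5):
    """Return {client_ip: sorted unknown recipients} for every client that
    probed at least `min_unknown` distinct nonexistent addresses.

    Counting distinct recipients (not raw rejections) keeps a client that
    retries one mistyped address from being flagged.
    """
    probes = defaultdict(set)
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            probes[m.group("ip")].add(m.group("rcpt").lower())
    return {ip: sorted(rcpts) for ip, rcpts in probes.items()
            if len(rcpts) >= min_unknown}


if __name__ == "__main__":
    for ip, rcpts in find_harvesters(SAMPLE_LOG).items():
        print(f"{ip}: {len(rcpts)} distinct unknown recipients")
```
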