Re: out of office auto replies (was Re: Mock Penentration Test Site)

[Todd Burroughs <todd () devnull com>]

I am somewhat active on a few lists and pen-test is the worst for
"out of office autoreplies".

People, mailing lists are easy to filter out for autoreplies, do it.
It looks bad when you send these things to a list like this, kind
of lame...

Todd Burroughs
---
The Internet has given us unprecedented opportunity to communicate and
share on a global scale without borders; fight to keep it that way.

On Mon, 23 Aug 2004, Martin [iso-8859-2] Ma?ok wrote:

> On Thu, Aug 19, 2004 at 09:26:27PM -0400, Tim wrote:
>
> > I just posted the message below, and received over 20 responses from
> > people's out of office auto-responders and from people whose mailboxes
> > are no longer valid, etc.
> >
> > 1.  People: please stop pissing in the pool.  If you don't know how to
> >     configure your auto-responders to ignore list mail, then don't use
> >     them at all.  They are a danger to yourself and others, as they
> >     advertize to the world what you use for mail, and they can be great
> >     targets for mail loops via spoofing.
>
> ... they also advertize to the world that your house is (probably)
> free and that your identity could be "stolen" or in other way abused
> for social engineering (especially useful for phone games) during your
> vacation.
>
> > 2.  Moderator(s): would you mind sending out a test message once a month
> >     or so, and fish out the email addresses that are blasting posters'
> >     inboxes?  I know they do this on other Security Focus lists.
>
> That would not catch most of them I guess (month is too long and
> getting those test messages on every mailing list regularly would be
> extremely ugly).
>
> What about creating some special address @securityfocus where
> subscribers can forward those vacation autoreplies? If that address
> gets some number of posts about any sinner, it could re-test the
> sinner by itself (with an explanation) and kick the email off all the
> lists on a positive result. I'm sure it shouldn't be that hard to
> automatize it in a safe manner ... Unfortunately, the reply could come
> from different address than the one that is subscribed and in that
> case the sinner/subscriber could be almost untraceable for an
> automaton.
>
> Anyway, as a way of working off my energy and saving the world,
> I sometimes do "vacation remix" on replies I get, i.e. send vacation
> reply from person A to person B, from B to C etc... When they get
> back, maybe they will have a clue. From my experience, sending "do not
> do this becase XY" message to them does not result in them having
> a clue. They actually see the complainer as the one who is making
> troubles and the one who is annoying them. The best result you will
> achieve when they "get it" is "Ok, I'm putting you on my blacklist so
> this won't happen again. Happy now?"  ... grrr ...
>
> Martin Ma?ok
> IT Security Consultant
>
>
> ### my .procmailrc rules for broken vacation autoreplies
>
> :0 B:
> * ^I(?m| will be| am) .*(out of|not in|away from|on) (the )?(vacation|office).* (between|from|until|starting|on 
> vacation)
> vacation
>
> :0 B:
> * ^Je serai en vacance du .* au .* inclusivement.
> vacation
>
> :0 B:
> * ^Je suis actuellement en vacances jusqu
> vacation
>
> :0 :
> * ^Subject: Ofis Disinda Otomatik
> vacation
>
> :0 HB:
> * ^Subject: Vast:
> * ^Olen lomalla ja toimistolla seuraavan kerran
> vacation
>
> :0 HB:
> * ^Subject:.*(ist.*(Haus|im)|out of office)
> * ^Ich werde .* nicht im .* sein\. Ich kehre
> vacation
>
> :0 B:
> * ^Ich bin zur Zeit nur .* online
> vacation
>
> :0 HB:
> * ^Subject: Abwesenheitsnotiz:
> * ^Ich bin .*
> vacation
>
> :0 B:
> * ^.* has left the company.  Please remove his name from your mail
> vacation
>
> :0 HB:
> * ^subject: (out of office|Abwesenheitsnotiz - Out of Office)
> * ^.*(?m| will be| am).*(out of|not in) (the )?office.*(from|until)
> vacation
>
> :0 HB:
> * ^Subject: Abwesenheitsnotiz:
> * ^Ich bin bis einschlie
> vacation
>
> :0:
> * ^Subject: Out of Office AutoReply:
> vacation
>
> :0:
> * ^Subject: .*\(Out of office\)$
> vacation
>
> :0 HB:
> * ^Subject:.*R.*ponse_automatique.*absence.*bureau
> * ^Je serai en vacance du
> vacation
>
> ------------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one interaction
> with one of our expert instructors. Check out our Advanced Hacking course,
> learn to write exploits and attack security infrastructure. Attend a course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of an
> Ethical Hacker to better assess the security of your organization.
>
> http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
> -------------------------------------------------------------------------------

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------