spam alias





From - Thu Jan 13 06:36:56 2000
Xref: world comp.unix.sco.misc:113874
Path: world!newsfeed.mathworks.com!cyclone.swbell.net!nnrp2-w.snfc21.pbi.net.POSTED!not-for-mail
From: Jeff Liebermann <jeffl@comix.santa-cruz.ca.us>
Newsgroups: comp.unix.sco.misc
Subject: Re: SPAMMERS LOOKING AT MY ALIAS FILE
Organization: Committee to Maintain an Independent Xenix
Reply-To: jeffl@comix.santa-cruz.ca.us
Message-ID: <8dqq7sg7st2cpakbevsolqu0dejl7ql1kv@4ax.com>
References: <387c0c07.0@news.isdn.net> <1b7o7sgdl2701gbnv1uj9mr20esiki7k0d@4ax.com> <85jjg8$bfb@shady.shady.com>
X-Newsreader: Forte Agent 1.7/32.534
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 98
Date: Wed, 12 Jan 2000 22:28:38 -0800
NNTP-Posting-Host: 63.198.98.51
X-Complaints-To: abuse@pacbell.net
X-Trace: nnrp2-w.snfc21.pbi.net 947744498 63.198.98.51 (Wed, 12 Jan 2000 22:21:38 PST)
NNTP-Posting-Date: Wed, 12 Jan 2000 22:21:38 PST
X-Mozilla-Status: 8011
X-Mozilla-Status2: 00000000





On 12 Jan 2000 23:15:03 -0500, kbs=cusm@shady.com (Kevin Smith) wrote:



>Chances are they were just guessing unless you have 'public' on the
>ALIAS line in mmdftailor for alias-n.  The 'public' keyword allows
>someone connecting (as in Jeff's example) to see what the alias will
>expand to.  I.e.
>    ALIAS table=alias-n, nobypass, public














Oh, so that's how that works.  I never could figure out what that
"public" actually did.  I hope it's not the default.  I changed my
mmdftailor file to include public aliases and ran the following.  I
deleted some of my accomplices' names to avoid spammers.



telnet comix.santa-cruz.ca.us 25
220 comix.comix.santa-cruz.ca.us Server SMTP (Complaints/bugs to:
postmaster)
expn bozos
250-Jeff Liebermann <jeffl@comix.comix.santa-cruz.ca.us>
250-(deleted...)
250-(deleted...)
250-(deleted...)
250-(deleted...)
expn postmaster
250 Jeff Liebermann <jeffl@comix.comix.santa-cruz.ca.us>
quit



Besides EXPN, there's VRFY (verify) which can be tested from a
shopping list of possible guesses.




vrfy jeffl
250 Nice address <jeffl@comix.comix.santa-cruz.ca.us>
vrfy xxxx
250 Nice address <xxxx@comix.comix.santa-cruz.ca.us>    



Unfortunately, MMDF seems to like any address I throw at it, probably
because I'm using both the badusers and badhosts channel to deal with
creative addressing.  Yep.  Turning off the badusers channel, I get:



vrfy jeffl
250 Nice address <jeffl@comix.comix.santa-cruz.ca.us>
vrfy zzzz
550 (USER) Unknown user name in "zzzz"
vrfy root
250 Nice address <root@comix.comix.santa-cruz.ca.us> 









There's a few other interesting and fun things to do.  If you're
running DNS (don't know service), nslookup or the more convenient
"host" command can excavate some interesting stuff.  It won't reveal
user names, but will give a wider selection of machines worth
attacking.  Note that in 3.2v4.2, the "host" binary is
/usr/mmdf/bin/host.



# host www.jpr.com
www.jpr.com is a nickname for jpr.com
jpr.com has address 198.207.210.2
jpr.com mail is handled by truth.murphy.com
jpr.com mail is handled by jpr.com
jpr.com mail is handled by etrn1.veriomail.com



# host -l jpr.com
jpr.com NS ns1.new-york.net
jpr.com NS ns2.new-york.net
jpr.com NS ns3.new-york.net
jpr.com has address 198.207.210.2
localhost.jpr.com has address 127.0.0.1



Oh well, no local DNS server at jpr.com.



Try the "host -l xxxx.com" command on some of the larger ISPs for a
nice shopping list.  My favorite pastime is to discover obvious
printers and print cute messages to them.



# host -l redhat.com
redhat.com NS ns.redhat.com
redhat.com NS ns2.redhat.com
redhat.com NS ns3.redhat.com
redhat.com NS speedy.redhat.com
redhat.com has address 207.175.42.154
gribble.redhat.com has address 199.183.24.203
charlotte.redhat.com has address 199.183.24.253
scot.redhat.com NS odo.scot.redhat.com
odo.scot.redhat.com has address 195.89.149.241
scot.redhat.com NS speedy.redhat.com
scot.redhat.com NS ns.redhat.com
court.redhat.com has address 199.183.24.85
    (about 700 machines deleted)
test.redhat.com NS peggy.test.redhat.com
peggy.test.redhat.com has address 207.175.44.2
test.redhat.com NS frodo.meridian.redhat.com
frodo.meridian.redhat.com has address 207.175.42.33
old-porkchop.redhat.com has address 207.175.42.165
gonzales.redhat.com has address 199.183.24.227




Oh well.  Back to pulling dimes out of drives and putting humpty
dumpty back together again.
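
An added example, not part of the original post: a Python audit helper for your own MMDF host. It flags ALIAS tables marked `public` in mmdftailor text, and reads a captured SMTP session to show what EXPN disclosed and whether VRFY replies differ between known and unknown names (as they did above once the badusers channel was turned off). The function names and the example.com sample inputs are constructed for illustration.

```python
import re

# Constructed sample inputs (example.com names, not taken from the post).
TAILOR = "ALIAS table=alias-n, nobypass, public\nALIAS table=alias-l, nobypass\n"
STRICT = ('vrfy alice\n250 Nice address <alice@mail.example.com>\n'
          'vrfy zzzz\n550 (USER) Unknown user name in "zzzz"\n')
CATCHALL = ('vrfy alice\n250 Nice address <alice@mail.example.com>\n'
            'vrfy zzzz\n250 Nice address <zzzz@mail.example.com>\n')
EXPN = ('220 mail.example.com Server SMTP\nexpn staff\n'
        '250-Alice <alice@mail.example.com>\n250 Bob <bob@mail.example.com>\nquit\n')

def public_alias_tables(tailor_text):
    """Return the names of ALIAS tables whose option list includes 'public'."""
    exposed = []
    for line in tailor_text.splitlines():
        fields = line.split(None, 1)
        if len(fields) != 2 or fields[0].upper() != "ALIAS":
            continue
        opts = [o.strip() for o in fields[1].split(",")]
        if any(o.lower() == "public" for o in opts):
            table = next((o.split("=", 1)[1].strip() for o in opts
                          if o.lower().startswith("table=")), "?")
            exposed.append(table)
    return exposed

def audit_session(transcript):
    """Pair each EXPN/VRFY command in a captured session with its reply."""
    findings, cmd = [], None
    for line in transcript.splitlines():
        line = line.strip()
        m = re.match(r"(?i)(expn|vrfy)\s+(\S+)$", line)
        if m:
            cmd = {"verb": m.group(1).upper(), "arg": m.group(2),
                   "codes": [], "addrs": []}
            findings.append(cmd)
            continue
        r = re.match(r"(\d{3})([ -])(.*)$", line)
        if r and cmd is not None:
            cmd["codes"].append(r.group(1))
            cmd["addrs"] += re.findall(r"<([^>]+)>", r.group(3))
            if r.group(2) == " ":
                cmd = None  # a space after the code ends a multi-line reply
    return findings

def vrfy_is_oracle(findings):
    """True when VRFY reply codes differ, i.e. the server confirms which names exist."""
    codes = {f["codes"][0] for f in findings if f["verb"] == "VRFY" and f["codes"]}
    return len(codes) > 1
```

Any address listed under an EXPN finding is one the server handed to an unauthenticated client; an empty result from `public_alias_tables` together with a `False` from `vrfy_is_oracle` means neither command is confirming local names.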









/Bofcusm/237.html copyright 1997-2004 (various authors) All Rights Reserved
