
Re: spammed by ICQ ???



On Wed, 11 Mar 1998, Martin-Eric Racine wrote:

> No, it's EXACTLY what's going on. I only posted ONE of the logs
> (namely the error log), but others prove that ICQ's little toy
> automatically sends mail to root@dynamic-port.domain as SPAM if
> someone is trying to reach a netizen who isn't using ICQ.

The essence of ICQ is being able to work out your dynamic hostname when
you're online. How did they work out yours when you don't have ICQ? I've
had the same spam btw, and it was delivered to me by my mailserver at my
provider, which means they mailed it to me just like any other would send
a mail to me.

Again, it's theoretically impossible that they worked out your dynamic
hostname as long as you don't run ICQ, (and why would they go through the
trouble if they can simply send you a mail the normal way). Secondly,
smail does not go sending mails blindly onto the net because of a wrong
username. All the times I got spammed by mirabilis, the mail was correctly
delivered without errors.

So my only 2 points are that 1. the "flooding" wasn't mirabilis' fault,
and 2. mirabilis didn't "abuse your smtp daemon" as they had no way to
even find it. They just sent you a mail (as ordered by whoever tried to
page you btw!!) and your smtpd went bananas after it somehow ended up in
the wrong place (after deliverance).

What would the use be of abusing someone's smtp daemon? It's so much
easier to send spam the normal way, and most people don't even HAVE an
smtp daemon.

> Maurits, I HAVE CHECKED EVERYTHING BEFORE MAILING THIS LIST.
> THIS *IS* SPAM BY MIRABILIS, NOT A MISCONFIGURED KGMD THAT
> MAGICALLY GENERATES FAKE SPAM OUT OF NOWHERE.

I know it is mirabilis that sent it in the first place, (If kgmd made this
mail up out of nowhere, I would have a word with knarf about possible
secret incomes.) :)  I never denied that, but it was your smtpd that
*flooded* you with it. LOOK AT YOUR LOGFILE! The mail was received by your
computer FROM your computer! And btw, I don't know if the log you posted
was complete, but I didn't see a host from mirabilis at the top of the
list sending it to you over smail. 

> My only mistake was leaving SMTPD enabled after installing KGMD.
> It's now disabled for good.

Ok. Be prepared to still be spammed by Mirabilis though.. only without
flooding. :)

Btw, you're right that the doc should include a clear warning to browse
through your inetd.conf and switch off any daemon you don't need. All
those kgmd mint machines are on the net looking like an emmentaler cheese
with their chargen, daytime and god-knows-what ports open..:) and since
there is no patch against "land", you might want to close all ports you
don't need. :)

Maurits.

---

Change is inevitable, except from a vending machine.

          Maurits van de Kamp (maurits@bassment.demon.nl)

    _____    B A S S M E N T   P R O D U C T I O N S     _____
  /     /\\     >> http://www.bassment.demon.nl <<     /     /\\
 /     /=/ \     ________________________________     /     /=/ \
|      \/   |   / Black Currant                  \   |      \/   |
|   /\      |  |             bc@bassment.demon.nl |  |   /\      |
 \ /=/     /   |  Purple Trance                   |   \ /=/     /
  \\/____ /     \            pt@bassment.demon.nl/     \\/____ /
     \           \______________________________/        /
      \_____________\_/_\_/_\_/____\_/_\_/_\_/__________/
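
The inetd.conf review recommended in the message above, as an added example that is not part of the original post or of KGMD: a small shell function that lists every service still enabled in an inetd.conf-style file and flags those not on a keep-list. The function names, the keep-list and the sample file (including its server paths) are constructed for illustration; only the standard inetd.conf field layout is assumed.

```shell
#!/bin/sh
# Field layout of an inetd.conf entry (standard):
#   service  socket-type  protocol  wait-flag  user  server-program  [args]

# audit_inetd FILE "KEEP LIST"   (hypothetical helper name)
# Prints "ok|FLAG service/proto server" for every uncommented entry.
audit_inetd() {
    awk -v keep="$2" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }      # commented-out, blank or malformed
        {
            status = ($1 in ok) ? "ok" : "FLAG"
            printf "%s %s/%s %s\n", status, $1, $3, $6
        }
    ' "$1"
}

# Constructed sample file, not taken from any real machine.
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample inetd.conf
ftp      stream  tcp  nowait  root  /usr/sbin/ftpd    ftpd
#telnet  stream  tcp  nowait  root  /usr/sbin/telnetd telnetd
smtp     stream  tcp  nowait  root  /usr/sbin/smail   smail -bs
chargen  stream  tcp  nowait  root  internal
chargen  dgram   udp  wait    root  internal
daytime  stream  tcp  nowait  root  internal
EOF
}

# Demo: only ftp is wanted, so every other enabled entry is flagged.
tmp=$(mktemp)
sample_inetd_conf > "$tmp"
audit_inetd "$tmp" "ftp"
rm -f "$tmp"
```

Each flagged entry is a candidate for commenting out with `#`; inetd has to re-read its configuration before the change takes effect.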