Alt-BEAM Archive
Message #12643
To: beam@sgiblab.sgi.com
From: "David Perry" davidperry@geocities.com
Date: Tue, 28 Mar 2000 19:04:27 +1000
Subject: [alt-beam] Re: Spam!!!!
Fair enough - i've done this before (i located a spammer on noknok.nl and
they were booted recently - and i've done it a couple of times before),
often though, they will use hotmail, or similar, if their booted, they join
again, they can use straight IP addresses for their email. Its possible to
track those scum down- but usually they hide their tracks pretty well - also
you forgot a step. Usually there are several servers in the header - you
should ping them all to make sure they are legitimate. Blocking port probes
in your way is a little nasty ain't it - someones liable to get upset if
they have a legitimate (?) reason for doing so.
Anyway, i learnt this stuff when reading security books in my spare time and
trying to break into koan.happyhacker.org before i discovered beam that
filled my time much better :-)
David
> Having done a fair bit of Internet Security and the tracing of would be
> offenders
> I can tell you that it is possible to trace these people, and its prety
easy
> once
> you finally get the information to place a request with their ISP to have
> them
> banned, However you must have the cooperation of the owner of the mail
> server.
>
> Here are a couple of steps to take.
>
> 1. Look at the mail headder.
> 2. In the mail headder find the name of the mail server that the message
> originated from.
> 3. For good measure email, administrator@mail.server.com,
> postmaster@mail.server.com, abuse@mail.server.com"
> 4. Find out who is responsible for the class C that the email address is
on.
> 5. email the admin of the class C, also include any technical contact that
> may be listed.
> 6. CC the complaint to your own ISP, include what details you have found.
>
> If the spam keeps coming from that address then request that your ISP
filter
> any mail
> that is sent from that address.
>
> Another problem you may like to think about are Sniffers and Probes, I
> receive 2 to 5
> peices of spam per week, and I get sniffed or probed atleast 6 times per
> week.
>
> Ever been connected to internet and for no reason you modem light started
> blinking?
> or suddenly that connection just bogged down and your transfer rate just
> fell through
> the floor, if so then there is a chance that someone may be trying to
probe
> your system
> for an open port.
>
> I have these 2 rules, 1... Warn would be spammers when they send spam that
> if they continue
> you will cc and loop the message they sent to you back to them or the mail
> server they
> sent it through. Imagine.... "Send the SPAM back to the sender or whoever
> the email
> address is listed in the address, then attach the message to itself and
> resend, then repeat
> 100 times.. :) Thats a BIG email (just dont forget to only send it 100
times
> because it can
> get REAL BIG)
>
> 2.... If Port Probes appear on regular ports as they usually do, i setup a
> little application called
> netcat, this will sit on a port and wait for someone to connect to it,
then
> stuff data sown at them
> the result can cause their sniffing application to lock up, it can fill
> their browser with garbage
> or if your that way inclined and send a corrupt packet you can lock ther
> TCP/IP stack up and
> they will need to reboot to clear it.
>
> Regards
> Andrew
>
> -----Original Message-----
> From: David Perry
> To: beam@sgiblab.sgi.com
> Date: Tuesday, March 28, 2000 6:57 PM
> Subject: Re: Spam!!!!
>
>
> >you've got to be kidding!!! There email addresses are usually faked -
their
> >ISP's are rarely visible - and these people don't give damn about the
law -
> >its almost impossible for them to be caught.
> >
> >
> >David
> >
> >
> >
> >www.surf.net.au/jmdbb/soccer/
> >
> > sponsored by
> > www.RobotOz.com.au
> >
> >
> >
> >----- Original Message -----
> >From: "Brian Boeckmann"
> >To:
> >Sent: Tuesday, 28 March 2000 10:34
> >Subject: Re: Spam!!!!
> >
> >
> >> I dont know what country you live in, or what the laws are their, but
> here
> >> in the United States, all I have to do is send them a message to take
me
> >off
> >> their list, and they HAVE to take my name off. I then put it in a
special
> >> folder for reference, and if I get another, I notify their ISP along
with
> >my
> >> copy of the message I sent them. I now get NO spam, and I used to get
> quit
> >a
> >> bit. A little off the subject, but might be useful to all of us since
we
> >all
> >> use email. Good luck
> >>
> >> -----Original Message-----
> >> From: Joe
> >> To: beam@sgiblab.sgi.com
> >> Date: Monday, March 27, 2000 12:15 AM
> >> Subject: Re: Spam!!!!
> >>
> >>
> >> >Tim,
> >> >Clean out your cookie file every week or better yet set your security
to
> >> >warn of cookies.
> >> >
> >> >----- Original Message -----
> >> >From: Timothy Flytch
> >> >To:
> >> >Sent: Sunday, March 26, 2000 8:12 PM
> >> >Subject: Re: Spam!!!!
> >> >
> >> >
> >> >> Five a DAY... You luck bum... I'm getting 20-30 per day!!!
> >> >>
> >> >> I HATE... I HATE... I HATE... I HATE SPAM !!!!!
> >> >>
> >> >> Timothy...
> >> >
> >> > -big snip-
> >> >
> >> >
> >>
>
Home