[ Pobierz całość w formacie PDF ]
.(I blush to find myself in such company.)The way angry johnny worked this attack was to set up a program that would go to one computer that runsa program to handle email lists and automatically subscribe his targets to all lists handled by that computer.Then his program went to another computer that handles email lists and subscribed his targets to all the listsit handled, and so on.I was able to fix my problem within a few minutes of discovery.johnny had subscribed all these lists to myaddress cmeinel@swcp.com.But I use my private domain, techbroker.com, to receive email.Then I pipe allthis from my nameserver at Highway Technologies to whatever account I find useful at the time.So all I hadto do was go to the Highway Technologies Web site and configure my mail server to pipe email to anotheraccount.**************************Newbie note: a mail server is a computer that handles email.It is the one to which you hook your personalcomputer when you give it a command to upload or download your email.*************************************************Evil genius tip: You can quickly reroute email by creating a file in your shell account (you do have a shellaccount, don t you? SHELL ACCOUNT! All good hackers should have a SHELL ACCOUNT!) named.forward.This file directs your email to another email account of your choice.***********************If angry johnny had email bombed cmeinel@techbroker.com, I would have piped all that crud to dev/nulland requested that my correspondents email to carolyn@techbroker.com, etc.It s a pretty flexible way ofhandling things.And my swcp.com accounts work the same way.That ISP, Southwest Cyberport, offerseach user several accounts all for the same price, which is based on total usage.So I can create new emailaddresses as needed.Warning -- this technique -- every technique we cover here -- will still cause you to lose some email.But Ifigure, why get obsessive over it? According to a study by a major paging company, a significantpercentage of email simply disappears.No mail daemon warning that the message failed, nothing.It justgoes into a black hole.So if you are counting on getting every piece of email that people send you, dreamon.But this doesn t solve my ISP s problem.They still have to deal with the bandwidth problem of all that crudflooding in.And it s a lot of crud.One of the sysadmins at Southwest Cyberport told me that almost every day some luser email bombs one of their customers.In fact, it s amazing that angry johnny got as muchpublicity as he did, considering how commonplace email bombing is.So essentially every ISP somehow hasto handle the email bomb problem.How was angry johnny was able to get as much publicity as he did? You can get an idea from this letter fromLewis Koch, the journalist who broke the story (printed with his permission):From: Lewis Z KochSubject: QuestionCarolyn:First, and perhaps most important, when I called you to check if you had indeed been email bombed, youwere courteous enough to respond with information.I think it is a tad presumptuous for you to state that"as a professional courtesy I am _letting_ Lewis Koch get the full scoop." This was a story that was, infact, exclusive.(Carolyn s note: as a victim I knew technical details about the attack that Koch didn t know.But since Kochtells me he was in contact with angry johnny in the weeks leading up to the mass email bombings ofChristmas 1996, he clearly knew a great deal more than I about the list of johnny s targets.I also am ajournalist, but deferred to Koch by not trying to beat him to the scoop.)Second, yes I am a subscriber and I am interested in the ideas you advance.But that interest does notextend to feeding you -- or single individual or group -- :"lots of juicy details." The details of any story layin thewriting and commentary I offer the public."Juicy" is another word for sensationalism, a tabloid approach --and something I carefully avoid.(Carolyn s note: If you wish to see what Koch wrote on angry johnny, you may see it in the Happy HackerDigest of Dec.28, 1996.)The fact is I am extraordinarily surprised by some of the reactions I have received from individuals, some ofwhom were targets, others who are bystanders.The whole point is that there are extraordinary vulnerabilities to and on the Net -- vulnerabilities which arebeing ignored.at the peril of us all.Continuing: "However, bottom line is that the email bomber used a technique that is ridiculously lame -- solame that even Carolyn Meinel could turn off the attack in mere minutes.Fry in dev/null, email bomber!"johnny made the point several times that the attack was "simple." It was deliberately designed to be simple [ Pobierz całość w formacie PDF ]

  • zanotowane.pl
  • doc.pisz.pl
  • pdf.pisz.pl
  • higrostat.htw.pl
  •