The penet compromise



-----BEGIN PGP SIGNED MESSAGE-----

I wrote earlier that I thought the penet attack was a forked strategy
intended to out anon users and flood anon.penet.fi.  Now I'm not so sure
it was forked.

I remember trying an experiment a while back, where I posted a message
to alt.test and saved all the replies.  There were less than a dozen.
misc.test provides much better response.

That lessens the probable impact of the return traffic to a rough
multiplier of 10.  And given the time spread (my experiment yielded
replies over 4 days), I don't know if this can be counted on to yield a
denial-of-service attack.  (I suppose it's possible the perp might be
trying to spam penet in the original sense, by trying to overrun
arbitrary limits in the server.)

That leaves outing as the motive.  Now I'm wondering if the idea is to
out as many people as possible, or if the perp is searching for
a particular party or parties.  The formation of the messages (from
reports... I don't get alt.test locally) appears tailored for some kind
of automated data collection.
- -- 
       Roy M. Silvernail         [ ]  [email protected]
                    PGP public key available by mail
     echo /get /pub/pubkey.asc | mail [email protected]
         These are, of course, my opinions (and my machines)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBLjh9+hvikii9febJAQFMqwP7B1fmRFT2BHSh1N4PseiexsxZOcQ4xxJz
HzddvlkcditxGjdOUMD3HAzosIKr1IBj0mk1N9bnE2L6nBR4L6583wF551CTOEVD
h9SvPp10N+FDT34DmYsb9yGoL7OXMK5Bov76++liE16NEaIdI5YvspCZ1hdcjzH0
Zhq2tV+Vhhw=
=Frx+
-----END PGP SIGNATURE-----