Re: Hack attempt? "12 days" from anon.com
Are they trying to access Snoopy's doghouse?
Pierre Bourque
Mercenary Scribbler
SurfBoard: http://www.achilles.net/~pierre
And on the Left Coast: [email protected]
On Sun, 25 Feb 1996, Rishab Aiyer Ghosh wrote:
>
> Regarding the mysterious mail from [email protected]
> that many people have received:
> 1. The mail was apparently sent by a daemon bouncing
> an undeliverable mail. anon.com is a "virtual domain"
> hosted at io.com, so it's unlikely that the daemon would
> have an anon.com address.
> 2. Headers show it was routed through 38.10.221.81 and
> smtp1.interramp.com. That IP address showed up as
> ip81.la.ca.interramp.com the first time I tried a
> traceroute. The second time it showed up as
> ip81.syracuse.ny.interramp.com. In any case, traceroute
> went recursive between los-angeles.ca.isdn.psi.net
> (38.145.221.110) and lan.losangeles.ca.psi.net
> (38.145.221.1). This indicates the target could not be
> reached - perhaps it's a PPP address, or disconnected.
> 3. There is an X-Sender: (Unverified) header entry. So the
> mail was SMTP faked without the HELO protocol.
> 4. The error purporting to originate from [email protected]
> says the mail was addressed to [email protected]. loacst.org
> is not a registered domain.
> 5. PeppermintPty is obviously Peppermint Patty; the "original message"
> is signed Marcie. Peanut fans will recognise these characters.
>
> So - what was it all about? An elaborate prank? A convoluted NSA
> plot? I would lean towards the first, but perhaps we'll know
> on March 1st, the date to "gain access to target".
>
> Rishab
> ps. the copy I received follows:
>
> >From [email protected] Fri Feb 23 20:08:00 1996
> Received: from m-net148.arbornet.org (m-net.arbornet.org [148.59.250.2]) by shellx.best.com (8.6.12/8.6.5) with SMTP id UAA20969 for <[email protected]>; Fri, 23 Feb 1996 20:07:44 -0800
> Received: from smtp1.interramp.com by m-net148.arbornet.org with smtp
> (Smail3.1.29.1 #4) id m0tqBGv-0009SHC; Fri, 23 Feb 96 23:07 WET
> Received: from [38.10.221.81] by smtp1.interramp.com (8.6.12/SMI-4.1.3-PSI-irsmtp)
> id XAA24970; Fri, 23 Feb 1996 23:06:42 -0500
> X-Sender: (Unverified)
> Message-Id: <v01520db9ad53979e9858@[38.10.221.81]>
> Mime-Version: 1.0
> Content-Type: text/plain; charset="us-ascii"
> Date: Fri, 23 Feb 1996 08:11:33 -0800
> To: (Recipient list suppressed)
> From: [email protected] (System Mail Manager)
> Subject: Twelve Days of Christmas
> Status: RO
>
>
> -- <System Report> --
> UNDELIVERABLE MAIL: Unknown Host("[email protected]")
> UNDELIVERABLE MAIL: Bad Key
>
> -- <Original Message Follows> --
>
> *** TOP LEVEL: DESTROY IMMEDIATELY UPON READING ***
> *** DO NOT PRINT OR SAVE. Code1.8 Table2Hex6 ***
>
> DAY 10: DR. BLACK located a promising entry point at the target site. DR.
> BLACK recovered four of the six password tokens before his position was
> compromised. DR. BLACK will be replaced by DR. ORANGE.
>
> Estimated time to recover the remaining two password tokens and gain access
> to target: EIGHT DAYS (03.01.96)
>
> Confidence is HIGH.
>
> My team has been working around the clock for a month now. Please tell your
> people to be more tolerant. Yelling doesn't help anything.
>
> Marcie
>
>
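The header tracing in points 2 and 3 of the quoted analysis can be repeated mechanically. The following is an added example, not part of either message: it walks the Received chain from the quoted copy bottom-up, checks that each relay hands off to the next, and reports the injection point, the X-Sender value and the gap between the client-set Date and the first relay's timestamp. The function name `analyse` and the placeholder recipient address are assumptions; the header values are copied from the quoted mail.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Headers copied from the quoted message. The obfuscated recipient address is
# replaced by a placeholder (assumption); everything else is as quoted.
RAW = """\
Received: from m-net148.arbornet.org (m-net.arbornet.org [148.59.250.2]) by shellx.best.com (8.6.12/8.6.5) with SMTP id UAA20969 for <recipient@example.invalid>; Fri, 23 Feb 1996 20:07:44 -0800
Received: from smtp1.interramp.com by m-net148.arbornet.org with smtp
 (Smail3.1.29.1 #4) id m0tqBGv-0009SHC; Fri, 23 Feb 96 23:07 WET
Received: from [38.10.221.81] by smtp1.interramp.com (8.6.12/SMI-4.1.3-PSI-irsmtp)
 id XAA24970; Fri, 23 Feb 1996 23:06:42 -0500
X-Sender: (Unverified)
Date: Fri, 23 Feb 1996 08:11:33 -0800
Subject: Twelve Days of Christmas

body
"""

IP_LITERAL = re.compile(r"\[\d{1,3}(\.\d{1,3}){3}\]")


def analyse(raw):
    msg = message_from_string(raw)
    # Unfold continuation lines so each Received header is one string.
    received = [" ".join(v.split()) for v in msg.get_all("Received", [])]
    hops = []
    for line in reversed(received):  # bottom header = earliest hop
        m = re.search(r"from\s+(\S+).*?\bby\s+(\S+)", line)
        if m:
            stamp = line.rsplit(";", 1)[-1].strip()
            hops.append((m.group(1), m.group(2), stamp))
    # Each relay's "by" name should be the next relay's "from" name.
    contiguous = all(hops[i][1] == hops[i + 1][0] for i in range(len(hops) - 1))
    first_seen = parsedate_to_datetime(hops[0][2])  # first relay's clock
    claimed = parsedate_to_datetime(msg["Date"])    # set by the sending client
    return {
        "hops": [(f, b) for f, b, _ in hops],
        "contiguous": contiguous,
        "origin_is_ip_literal": bool(IP_LITERAL.fullmatch(hops[0][0])),
        "x_sender": msg.get("X-Sender"),
        "date_skew_seconds": int((first_seen - claimed).total_seconds()),
    }


if __name__ == "__main__":
    for key, value in analyse(RAW).items():
        print(key, "=", value)
```

Only the bottom Received line and the Date header are compared, because the Smail hop uses a two-digit year and a zone name that standard date parsing does not resolve to an offset.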