Re: SMTP server account probing

From: Frank Miller (frankmat_private)
Date: Tue Mar 09 1999 - 08:57:32 PST


    The following is from the company (earthonline.com) that wrote the
    commercial software that performed the dictionary attack against MTAs.
    I do have copies of the software and can generate a list of 'hard coded'
    ISPs that were probed, if desired.
    
    Dear ISP and Fellow Internet User,
    
          GeoList Professional has been removed from the
          Earthonline Product Line.
    
          If used as it was intended, this product would
          have created email address lists that would
          have proven highly targeted to a specific state
          or region.
    
          Although GeoList is only one of many different
          programs that verify state related email
          addresses on the market, we find it appropriate
          for the good of the Internet Community, that we
          pull this product from our shelves.
    
          GeoList was designed for the individual or
          business looking for a target market in
          specific states or regions. Initially this
          program was developed for an online political
          campaign. The candidate's campaign staff
          requested the ability to target their specific
          region. GeoList, utilized in this market,
          proved effective; for this reason Earthonline
          released it as a targeted lead generation
          product.
    
          The subsequent mis-use of GeoList Professional
          by certain companies and individuals has
          reportedly made it difficult on the ISPs. As
          GeoList validates a list of user names and
          matches them with email addresses in the given
          state, it was our intent to target email
          addresses for any given "region specific"
          campaign.
    
          It is undetermined how end-users were using
          this product. However, we have had reports of
          customers using this product as a non-targeted
          spam list collection tool. Earthonline stands
          behind targeted email notification and
          solicitation of targeted lead lists. However,
          we do not condone or promote spam as a way to
          market products or services. Our products are
          intended as a cost effective way for companies
          and organizations to email their customers, and
          clients, with new product offerings, updates,
          and/or informative news.
    
          GeoList Professional has reportedly been used
          "not as intended" - and although we could limit
          the sales of the product to certain individuals
          and companies, we choose not to censor those
          customers of our products. However, with
          reports of how the GeoList product is being
          used, it is our decision to make GeoList a
          discontinued product as of March 08, 1999.
    
          As the technology within GeoList is not
          proprietary to Earthonline, the discontinuation
          of this product will not be the discontinuation
          of other products in the marketplace that
          promote similar functionality.
    
          If you should have direct questions, or
          comments regarding this notice, email to:
    
    
          infoat_private
    
    
          - Earthonline Administration
    
    > -----Original Message-----
    > From: Bugtraq List [mailto:BUGTRAQat_private]On Behalf Of Brett Glass
    > Sent: Monday, March 08, 1999 11:13 AM
    > To: BUGTRAQat_private
    > Subject: SMTP server account probing
    >
    >
    > Several ISPs throughout the Net are reporting an attack described at
    >
    > http://www.l8r.com/nwa/nwa1.htm
    >
    > In this attack, an SMTP server is probed for common names, presumably
    > so that spam can then be targeted at them. The attacking machine
    > connects and issues hundreds of RCPT TO: commands, searching a long
    > list of common user names (e.g. susan) for ones that don't cause
    > errors. It then compiles a list of target addresses to spam.
    >
    > Unfortunately, the attack -- besides allowing the perpetrator to spam
    > users -- also brings SMTP servers to their knees. This happens most
    > often if the server maintains lists of user names in a database where
    > looking up a name requires substantial disk activity or computational
    > overhead.
    >
    > Some people whose domain names have been hard-coded into a commercial
    > program designed to implement this attack have responded with outrage,
    > e.g.
    >
    > http://www.junk.org/earthonline/
    >
    > I'm surprised that I haven't seen this one on the Bugtraq list yet.
    >
    > --Brett Glass
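
The probing pattern described in the quoted message (one connection issuing many RCPT TO: commands, most of which are rejected) is visible in per-session MTA logs. The following Python is an added example, not part of the original thread; the log line format, addresses, session ids and thresholds are constructed assumptions and do not match any particular MTA.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption, not a real MTA's):
#   <timestamp> <client-ip> <session-id> RCPT <address> <reply-code>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<sid>\S+) RCPT <(?P<rcpt>[^>]*)> (?P<code>\d{3})$"
)

def build_sample_log():
    """Constructed sample: one harvesting session and one ordinary delivery."""
    names = ["susan", "john", "mary", "bob", "dave", "linda", "mike", "karen"]
    lines = []
    for i, name in enumerate(names):
        # Only 'susan' and 'mike' exist on this hypothetical server.
        code = 250 if name in ("susan", "mike") else 550
        lines.append(
            f"1999-03-08T11:00:{i:02d} 192.0.2.10 s1 RCPT <{name}@example.net> {code}"
        )
    lines.append("1999-03-08T11:01:00 198.51.100.7 s2 RCPT <susan@example.net> 250")
    lines.append("1999-03-08T11:01:05 198.51.100.7 s2 RCPT <typo@example.net> 550")
    lines.append("unparseable line, skipped by the detector")
    return lines

def find_probing_sessions(lines, min_rcpts=5, min_reject_ratio=0.5):
    """Return {(ip, session): stats} for sessions that look like address harvesting.

    A session is flagged when it issued at least min_rcpts RCPT commands and
    at least min_reject_ratio of them drew a 5xx reply.
    """
    stats = defaultdict(lambda: {"rcpts": 0, "rejected": 0, "confirmed": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore anything that is not an RCPT record
        s = stats[(m["ip"], m["sid"])]
        s["rcpts"] += 1
        if m["code"].startswith("5"):
            s["rejected"] += 1
        elif m["code"].startswith("2"):
            # Addresses the prober learned are valid; useful for user notification.
            s["confirmed"].append(m["rcpt"])
    return {
        key: s for key, s in stats.items()
        if s["rcpts"] >= min_rcpts and s["rejected"] / s["rcpts"] >= min_reject_ratio
    }

if __name__ == "__main__":
    for (ip, sid), s in find_probing_sessions(build_sample_log()).items():
        print(f"{ip} session {sid}: {s['rejected']}/{s['rcpts']} RCPT rejected, "
              f"{len(s['confirmed'])} addresses confirmed")
```

The same per-session counter can drive a limit inside the MTA itself: once a connection passes the rejected-recipient threshold, further RCPT commands are refused or delayed, which also caps the lookup load the message mentions.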
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:24 PDT