The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #007 [damn, whoever it was did a good job.] (1 message, 1324 bytes)
NOTICE: recognises the rights of all third-party works.


From: Paul A Vixie <>
To: [not phage]
Date: Thu 19:45:04 03/11/1988 EST
Subject: damn, whoever it was did a good job.
References: [Thread Prev: 004] [Thread Next: 008] [Message Prev: 005] [Message Next: 009]

My logs show absolutely nothing that's useful in any way.

Nov  3 08:26:40 localhost:
	2133 sendmail: AA02133: message-id=<>
Nov  3 08:26:40 localhost:
	2133 sendmail: AA02133: from=</dev/null>, size=1670, class=0
Nov  3 08:27:08 localhost:
	2149 sendmail: AA02133: to=<"| sed '1,/^$/d' | /bin/sh ; exit 0">,
	delay=00:00:43, stat=Sent

That means that there was no Message-ID: when it arrived here (which is why
decwrl put one on), that the envelope sender was </dev/null>.  This points
to a strong need to log the remote host name in srvrsmtp.c somewhere...

Anyway, I'd like to cooperate with anyone who wants to collect all the logging
information and try to get time information together.  We run NTP, which means
that we have a good chance of finding out who was the first one hit if lots of
others run NTP as well.  Finding out who was the first one hit would be a help
in tracking them down, though I don't know what else could be done.

The cost in lost working time of all those sysadmins, as well as the cost of
the down time for those who pulled their network connections, just won't fit
in my limited mental resources.  Whoever pulled this off better have intended
real harm; if it was a childish prank done in humour, I'll feel that much more
guilty when I tear his arms off.  :-(.

This story hit the radio and TV around here...

Paul Vixie 1/4

(Disclaimer: I'm not speaking as a representative of Digital; sole responsib-
ility for this message rests with me.)