Mitchell Gil Maltenfort
07-25-1995, 04:04 PM
I just received the following from the postmaster at BYU, and thought I
should let the list know just in case 'David and Olga' make a comeback...

>Date: Tue, 25 Jul 1995 22:10 MDT
>From: "Bryan G. Peterson"
>Subject: Re: Status report: David, Olga, Romance in the USRR

and many others...

>RE: SPAM email regarding Olga, David, and Romance in the USSR
>I regret that some individual has chosen to be so unbearably obnoxious. And
>I regret even more that this individual chose one of my systems to use in
>his forged message as the originating system.
>Unfortunately, the message did not originate from any system at Brigham
>Young University (as near as we have been able to tell) and definitely
>not from physics1.byu.edu. How do I know?
>1. physics1.byu.edu is a Novell file server running only two TCP/IP services:
>an ftp daemon and the Mercury SMTP mail software. The Mercury software is
>(apparently purposely) quite dumb and is not capable of any name resolution.
>In fact, even if you give it the numeric IP address of the system you want
>the mail delivered to, it will always send any outgoing mail to a particular
>host (specified in its configuration files). This second system (whose name
>I will not reveal here because the perpetrator may see it also) has never
>shown up in any of his SPAM messages.
>2. I have searched the log files on both physics1 and the mail forwarding
>host and there is no evidence of any messages going to the specified mailing
>lists from physics1.
>3. The postings are very easy to duplicate by telnetting to port 25 of any
>IBM VM system - they do not verify the incoming port and accept the name
>given in the "helo" command as who you really are. With one exception he
>has always used IBM VM systems as the first hop. The message ID is always
>inserted by the first system to receive the message FROM the IBM VM system.
>4. His first posting was made on 24 June and he went through a Unix box
>at nasa that did some verification and tacked a numeric IP address on the
>end of the given text name. In that case the text name was physics1.byu.edu
>but the numeric IP address corresponded to a PC at the University of Utah.
>There was also a message ID in the first posting referring to a system
>at the University of Utah.
>5. Someone has recently seen this same posting come (along with uuencoded
>pictures) via a system at intersolv.com (supposedly). I haven't looked at that
>posting closely to see if he used the same method to forge a host system name.
>So, in summary, I'm very sorry that it appears that one of my users is
>being a cretin but there is nothing I can do about it. I just happen to
>own the system he chose to use as his forged originating host. We have
>been in contact with people at the University of Utah but there is very
>little to go on (except that he seems to like to send the postings on
>Bryan Peterson (postmaster for physics1.byu.edu)
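The tracing method Peterson describes in points 3 and 4 (a non-verifying first hop records only the name given in HELO, a verifying hop also tacks on the real peer address, and the Message-ID names the first MTA that assigned one) as an added Python example. This is not code from the original post or from BYU; every host name, address and the stand-in reverse-DNS table are constructed for the example, and nothing in it is taken from the actual 1995 headers.

```python
"""Trace a forged SMTP HELO through Received: headers (added example)."""
import re
from email import message_from_string

# Constructed stand-in for a reverse (PTR) lookup so the example runs offline.
# 192.0.2.0/24 and 198.51.100.0/24 are RFC 5737 documentation ranges.
PTR_TABLE = {"192.0.2.45": "pc17.example.edu"}

# Parses "from HELO (name [ip]) by HOST". The parenthesised part exists only
# when the receiving MTA verified the connection and recorded the peer address.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"
    r"(?:\s+\((?:[\w.-]+\s+)?\[?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?\))?"
    r"\s+by\s+(?P<by>[\w.-]+)",
    re.IGNORECASE,
)


def stamp_received(helo, peer_ip, by_host, verifies):
    """Received: line one MTA adds for one hop.

    A non-verifying MTA (the IBM VM case in the post) records only the name the
    sender gave in HELO; a verifying MTA also records the peer's real address.
    """
    origin = f"{helo} ([{peer_ip}])" if verifies else helo
    return f"Received: from {origin} by {by_host} with SMTP; Sat, 24 Jun 1995 23:14:10 -0600"


def hops(raw):
    """Received: headers parsed into dicts, oldest (first hop) first."""
    msg = message_from_string(raw)
    chain = []
    for value in reversed(msg.get_all("Received", [])):
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold the header
        if m:
            chain.append(m.groupdict())
    return chain


def analyse(raw):
    """Report what the headers can and cannot prove about the true origin."""
    msg = message_from_string(raw)
    first = hops(raw)[0]
    claimed = first["helo"].lower()
    peer_ip = first["ip"]
    peer_name = PTR_TABLE.get(peer_ip) if peer_ip else None
    mid = msg.get("Message-ID") or ""
    mid_host = mid.rsplit("@", 1)[1].strip("> ") if "@" in mid else None
    return {
        "claimed_origin": claimed,            # what HELO said; untrusted
        "helo_verified": peer_ip is not None,
        "peer_ip": peer_ip,
        "peer_name": peer_name,
        # None when no hop recorded the peer address: nothing contradicts HELO
        "helo_forged": None if peer_name is None else peer_name != claimed,
        "message_id_host": mid_host,          # first MTA that assigned an ID
        "logs_to_check": first["by"],         # MTA that actually took the connection
    }


FORGER_IP = "192.0.2.45"
# Path 1: forger connects to a verifying Unix MTA, which relays on to a VM host.
VERIFIED_PATH = "\n".join([
    stamp_received("unix1.example.gov", "198.51.100.7", "vm1.example.edu", verifies=False),
    stamp_received("physics1.byu.edu", FORGER_IP, "unix1.example.gov", verifies=True),
    "Message-ID: <199506250514.AA12345@unix1.example.gov>",
    "From: david@physics1.byu.edu",
    "To: list@example.net",
    "Subject: Romance in the USSR",
    "",
    "(body omitted)",
    "",
])
# Path 2: forger's first hop is a VM host that believes HELO and records no IP.
UNVERIFIED_PATH = "\n".join([
    stamp_received("physics1.byu.edu", FORGER_IP, "vm1.example.edu", verifies=False),
    "From: david@physics1.byu.edu",
    "To: list@example.net",
    "Subject: Romance in the USSR",
    "",
    "(body omitted)",
    "",
])

if __name__ == "__main__":
    for label, raw in (("verified first hop", VERIFIED_PATH), ("VM first hop", UNVERIFIED_PATH)):
        print(label, analyse(raw))
```

On the first path the report shows HELO claiming physics1.byu.edu while the recorded peer resolves to a different machine, and both the "by" host of the first hop and the Message-ID domain point at the MTA whose logs hold the real connection. On the second path no hop recorded a peer address, so the headers alone cannot contradict the forged name; the only lead is the VM host that accepted the connection.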

