[net.news.sa] gateway madness - hplabs again?

grr@cbmvax.cbm.UUCP (George Robbins) (05/10/86)

HELP!!!

We just received hundreds of duplicated articles that appear to have had the
headers modified by somebody's gateway software!

The headers have been modified such that the 'domain' (ie .rat.XXX) subfields
in the Message-ID fields have been removed.  Also, the From: line has had the
originator's name information removed.

Obviously, since the article id has been modified, it doesn't match any
previous copies of the article that have come in through other paths, and
another copy is stored and retransmitted - BIG WASTE OF $$$

Based on the type of mutilation, this looks like someone is 'reinterpreting'
the headers for a gateway or with a 'smart' RFC822 mailer or something.  If
this is hplabs 'testing' some new software again, I am most unhappy - perhaps
a more controlled test environment would result in less nation-wide distress?


Z ==> /usr/spool/news/net/bugs/uucp/42 <==
Z Relay-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site cbmvax.cbmvax.cbm.UUCP
Z Path: cbmvax!caip!seismo!mcvax!ukc!icdoc!lmjm
Z From: lmjm@doc.ic.ac.uk (Lee M J McLoughlin)
Z Newsgroups: net.bugs.uucp,net.unix-wizards
Z Subject: Re: Satellite delays slow UUCP
Z Message-ID: <322@ivax.doc.ic.ac.uk>
Z Date: 28 Apr 86 21:48:28 GMT
Z Date-Received: 1 May 86 00:15:26 GMT
Z References: <800@oliveb.UUCP>
Z Reply-To: lmjm@icdoc.UUCP (Lee M J McLoughlin)
Z 
Z ==> /usr/spool/news/net/bugs/uucp/48 <==
Z Relay-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site cbmvax.cbmvax.cbm.UUCP
Z Path: cbmvax!bpa!burdvax!sdcrdcf!hplabs!hpda!hpisoa2!hpitg!ivax!lmjm@ivax
Z From: lmjm%ivax@ivax.UUCP
Z Newsgroups: net.bugs.uucp
Z Subject: Re: Satellite delays slow UUCP
Z Message-ID: <322@ivax>
Z Date: 29 Apr 86 06:48:00 GMT
Z Date-Received: 10 May 86 10:13:16 GMT
Z References: <800@oliveb>
Z Lines: 23
-- 
George Robbins - now working with,	uucp: {ihnp4|seismo|caip}!cbmvax!grr
but no way officially representing	arpa: cbmvax!grr@seismo.css.GOV
Commodore, Engineering Department	fone: 215-431-9255 (only by moonlite)

greg@ncr-sd.UUCP (Greg Noel) (05/12/86)

In article <222@cbmvax.cbmvax.cbm.UUCP> grr@cbmvax.cbm.UUCP (George Robbins) writes:
>HELP!!!

Funny you should be mentioning this -- not a half an hour ago I got a frantic
call from an HP site that sends us news.  He was trying to chase down and kill
some articles that had escaped.  It seems that any article with the path
fragment "!hpda!hpisoa2!hpitg!" in it should be considered bogus and canceled.
Unfortunately, I had already passed them along to a number of sites, so the
damage is already done, at least in SoCal.  I will try to issue cancellations
for these articles and broadcast them to the San Diego region -- it won't save
on phone calls already spent, but it should save on disk storage over the next
couple of weeks......

>.......  If
>this is hplabs 'testing' some new software again, I am most unhappy - perhaps
>a more controlled test environment would result in less nation-wide distress?

The problem is apparently the notes-to-news gateway again.  There have been so
many problems with this that perhaps we do need to consider some more stringent
precautions.  I would hate to argue that the solution is to cut all gateways
between the two, but obviously there do need to be some additional fire walls
between them.

>Z Path: cbmvax!bpa!burdvax!sdcrdcf!hplabs!hpda!hpisoa2!hpitg!ivax!lmjm@ivax
                                          ^^^^^^^^^^^^^^^^^^^^
Cancel it.
-- 
-- Greg Noel, NCR Rancho Bernardo    Greg@ncr-sd.UUCP or Greg@nosc.ARPA
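
An added example, not part of either post and not B news code: it replays the two quoted articles against an exact-match Message-ID history to show why the rewritten copy is stored again, then applies the path-fragment check from the reply. The function names and the truncated-ID heuristic are assumptions made for illustration.

```python
# Added illustration, not B news code. Header values are copied from the two
# articles quoted in the first post; all function names are hypothetical.
ORIGINAL = """\
Path: cbmvax!caip!seismo!mcvax!ukc!icdoc!lmjm
From: lmjm@doc.ic.ac.uk (Lee M J McLoughlin)
Message-ID: <322@ivax.doc.ic.ac.uk>
"""
GATEWAYED = """\
Path: cbmvax!bpa!burdvax!sdcrdcf!hplabs!hpda!hpisoa2!hpitg!ivax!lmjm@ivax
From: lmjm%ivax@ivax.UUCP
Message-ID: <322@ivax>
"""
BOGUS_FRAGMENT = "!hpda!hpisoa2!hpitg!"  # path fragment named in the reply


def parse_headers(text):
    """Return header fields as a dict with lower-cased names."""
    headers = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def split_id(message_id):
    """Split '<local@host>' into (local, host)."""
    local, _, host = message_id.strip("<>").partition("@")
    return local, host


def is_truncated_copy(seen_id, new_id):
    """Heuristic: same local part, new host is the seen host minus its domain."""
    (s_local, s_host), (n_local, n_host) = split_id(seen_id), split_id(new_id)
    return s_local == n_local and s_host.startswith(n_host + ".")


def offer(history, text, strict=False):
    """Decide what a site does with an incoming article; history is a set of IDs."""
    headers = parse_headers(text)
    message_id = headers["message-id"]
    if message_id in history:
        return "duplicate"            # exact-match suppression
    if strict and BOGUS_FRAGMENT in headers["path"]:
        return "reject-path"          # came through the faulty gateway
    if strict and any(is_truncated_copy(seen, message_id) for seen in history):
        return "reject-truncated-id"  # ID is a known one with the domain stripped
    history.add(message_id)
    return "accept"
```

With `strict=False` both copies are accepted and stored; with `strict=True` the gatewayed copy is refused on its path before it reaches the history.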