webber@porthos.rutgers.edu (Bob Webber) (06/22/88)
In article <3071@rpp386.UUCP>, root@rpp386.UUCP (Super user) writes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ [well actually, anyone who uses news software while running as root can probably better be said ``to scrawl.''] > In article <net.rarebit.4@rutgers.edu>, webber@rutgers.edu (Net.Rarebit) writes: > ] Path: rpp386!vector!killer!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!husc6!uwvax!dogie!uwmcsd1!ig!agate!ucbvax!ucsd!sdcsvax!rutgers!webber > ] Newsgroups: news.admin.ctl > ] Subject: sendsys > ] Message-ID: <net.rarebit.4@rutgers.edu> ^^^^^^^^^^^^^ too short for a standard rutgers message id > > hey, mel - ... Mel is at Usenix in California. Apparently you aren't though. Just sitting home and bored huh. [Shuffle list of suspects.] > needless to say, webber should be emptying out his mailbox for years to Hardly. So far, less than a megabyte of mail has come in. Since the unix mail program allows one to delete message numbers by range (and save in a similar manner), the roughly 300 messages I have recieved so far have been rather easy to handle (fortunately, I am on a system with a reasonable amount of disk space and cpu). Of course, since rutgers generates a message informing the sender that webber@rutgers.edu is no longer an appropriate mail address (rutgers is a communications machine whose name used to be an alias for a now deceased dec-20 but is now being reused for other purposes), the systems that have to pay for the 1.5 meg of mail (including those return notifications) this has generated so far are the real victims of this. > come! unless this is a forgery, in which case, Bravo! Bravo! Bravo! looks Well, clearly it is a forgery. It is also easy to prove that it was not generated at any of the local machines. The first time I had to deal with a burst of a hundred mail messages in one day (over a year ago), it was a bit time consuming, but now it is rather easy. The big trick is to treat your mail as a textfile instead of using the mail interface. Both the standard mail and the standard news interfaces seem to fall apart when the flow gets high, but the standard unix file manipulation tools step in rather well (if you have enough cpu to let them run). > like it came in at husc6. here's the paths i saw: > > rpp386!dalsqnt!pollux!killer!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!\ > husc6!bbn!uwmcsd1!ig!agate!pasteur!ames!rutgers!webber Actually, agate (presumably agate.berkeley.edu) is the common denominator to all of the paths I have seen. Of course, anyone could fake a message off such a site -- so a more interesting source of people to look at are those who have posted messages complaining about the net.rarebit postings. Of course, it could even have been done by a backbone member. ----- BOB (webber@athos.rutgers.edu ; rutgers!athos.rutgers.edu!webber) P.S., so far I have been saving all of these messages since they do actually contain some interesting information about how news flows through the system. Anyone who has anonymous ftp access and is interested in them should let me know. It will be a while before I get around to writing the scripts necessary to analyze the contents of all of these sendsys files.