[SGVLUG] I'm being attacked by an email flood from kernel.org

Greg Stark gstark at electrorent.com
Mon Apr 17 09:52:37 PDT 2006


David,
In addition to contacting the Majordomo, consider contacting (by email) the
Admin, Tech, owner, and person listed below.  If you do not get satisfaction
you could call them.  Also you can look at the email header detail and trace
the emails making sure they are coming from kernel.org.  You should see
server names like the ones listed in the nslookup listing below.  If it's
not these machines, you will have to research those.

Now that I think of it, you probably want to go to www.spamcop.org; they have an
email analyzer.  You paste in the header, and it does all the nslookup
research, and a reverse lookup to further check the validity of the servers.
They record the problem, and if it's network wide, contact the network owners
responsible so they can manage the problem.

Good luck.

Greg Stark

nslookup
> set type=MX
> kernel.org
Server:  sam.cp1.electrorent.com
Address:  192.168.223.10

kernel.org      MX preference = 10, mail exchanger = hera.kernel.org
kernel.org      MX preference = 20, mail exchanger = zeus1.kernel.org
kernel.org      MX preference = 30, mail exchanger = zeus2.kernel.org
kernel.org      MX preference = 999, mail exchanger = bl-ckh-le.kernel.org
kernel.org      nameserver = ns2.gimp.org
kernel.org      nameserver = ns2.kernel.org
kernel.org      nameserver = ns3.kernel.org
kernel.org      nameserver = ns.vger.kernel.org
kernel.org      nameserver = ns1.q.port80.se
kernel.org      nameserver = ns1.kernel.org
hera.kernel.org internet address = 140.211.167.34
zeus1.kernel.org        internet address = 204.152.191.4
zeus2.kernel.org        internet address = 204.152.191.36
bl-ckh-le.kernel.org    internet address = 204.152.191.61
bl-ckh-le.kernel.org    internet address = 204.152.191.29
ns.vger.kernel.org      internet address = 209.132.176.167
ns1.q.port80.se internet address = 217.75.109.220
ns1.kernel.org  internet address = 140.211.167.34
ns2.kernel.org  internet address = 204.152.191.4
ns3.kernel.org  internet address = 204.152.191.36
>

Admin ID:KH222-GANDI
Admin Name:kernel.org hostmaster
Admin Organization:Kernel Dot Org Organization
Admin Street1:3475 Clover Oak Dr
Admin Street2:
Admin Street3:
Admin City:San Jose
Admin State/Province:6
Admin Postal Code:95148
Admin Country:US
Admin Phone:+1.4088448481
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:hostmaster at kernel.org
Tech ID:AR41-GANDI
Tech Name:CONTACT NOT AUTHORITATIVE see http://www.gandi.net/whois
Tech Organization:GANDI SARL
Tech Street1:see also whois.gandi.net
Tech Street2:
Tech Street3:
Tech City:Paris
Tech State/Province:
Tech Postal Code:75003
Tech Country:FR
Tech Phone:+33.1
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:support at gandi.net


domain:		GANDI.NET
owner-name:	Gandi SAS
owner-address:	15 place de la Nation
owner-address:	F-75011
owner-address:	Paris
owner-address:	France
owner-phone:	+33.140290090
owner-fax:	+33.143731851
owner-e-mail:	b94c3a9e6a201ca72a82a7239d98002a-286444 at owner.gandi.net
admin-c:	NG270-GANDI
tech-c:		NG270-GANDI
bill-c:		NG270-GANDI
nserver:	dns0.gandi.net 217.70.177.39
nserver:	dns1.gandi.net 217.70.177.45
nserver:	dns2.gandi.net 217.70.177.46
nserver:	dns3.gandi.net 217.70.179.36
reg_created:	1999-05-21 10:09:21
expires:	2014-05-21 14:09:56
created:	2000-02-23 12:12:59
changed:	2006-04-12 00:39:11

person:		NOC Gandi
nic-hdl:	NG270-GANDI
address:	GANDI
address:	38 rue Notre-Dame de Nazareth
address:	75003
address:	Paris
address:	France
phone:		+33.1.40290090
fax:		+33.1.40291902
e-mail:		noc at gandi.net
lastupdated:	2005-10-11 09:56:36


-----Original Message-----
From: sgvlug-bounces at sgvlug.net [mailto:sgvlug-bounces at sgvlug.net] On Behalf
Of David Lawyer
Sent: Sunday, April 16, 2006 10:32 AM
To: SGVLUG Discussion List.
Subject: [SGVLUG] I'm being attacked by an email flood from kernel.org

For the past couple of days, I've gotten well over 100 emails from
Majordomo at vger.kernel.org.  Each email says that I've sent them a
nonsense request, consisting of mostly random letters.  I haven't sent
them any such requests and perhaps someone is sending requests to them
and spoofing my email address.  The emails I get include a long help
file on how to use Majordomo.  I've sent a complaint to the Majordomo
"owner" but so far no response.  I get such email at intervals ranging
from a few seconds apart to hours apart.

Any suggestions as to what I should do?  In effect, Majordomo is being
used like an email relay since it deletes the routing information in
the header so I can't determine where the bogus requests are coming
from.  I checked on the Internet and only found a message that
Majordomo could potentially be used for a flooding attack.

kernel.org handles about 60 Linux kernel mailing lists thru this
Majordomo list server.  So this problem is in some sense a "Linux
Problem".
			David Lawyer
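
The header check suggested in the reply above, as an added example that is not part of either original post: it reads a message's Received lines and compares the connecting address recorded by the recipient's own server with the kernel.org hosts in the nslookup listing. The sample messages, mx.example.net, relay.invalid and 192.0.2.55 are constructed for illustration, and the Postfix-style Received layout is an assumption.

```python
import re
from email import message_from_string

# Host/address pairs copied from the nslookup listing in the message above.
KERNEL_ORG_HOSTS = {
    "hera.kernel.org": {"140.211.167.34"},
    "zeus1.kernel.org": {"204.152.191.4"},
    "zeus2.kernel.org": {"204.152.191.36"},
    "bl-ckh-le.kernel.org": {"204.152.191.61", "204.152.191.29"},
    "ns.vger.kernel.org": {"209.132.176.167"},
}
# "from <helo> (<rdns> [<ip>]) by <receiver>", the Postfix-style layout (assumed).
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[\d.]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def received_hops(raw):
    """Parsed Received headers, newest (top of the message) first."""
    headers = message_from_string(raw).get_all("Received", [])
    return [m.groupdict() for m in map(RECEIVED_RE.search, headers) if m]

def classify(raw, my_servers):
    """Judge only the hop written by our own server: its IP was observed by us,
    while the HELO name and every older Received line are sender-supplied."""
    listed_ips = set().union(*KERNEL_ORG_HOSTS.values())
    hop = next((h for h in received_hops(raw) if h["by"].lower() in my_servers), None)
    if hop is None:
        return "no hop recorded by our servers", None
    helo, ip = hop["helo"].lower(), hop["ip"]
    if ip in KERNEL_ORG_HOSTS.get(helo, ()):
        return "listed host", ip
    if ip in listed_ips:
        return "listed address, different name", ip
    if helo.endswith(".kernel.org"):
        return "claims kernel.org, address not listed", ip
    return "not listed", ip

# Constructed samples; mx.example.net, relay.invalid and 192.0.2.55 are made up.
GENUINE = ("Received: from hera.kernel.org (hera.kernel.org [140.211.167.34])\n"
           "\tby mx.example.net (Postfix); Sun, 16 Apr 2006 10:01:02 -0700\n"
           "From: Majordomo@vger.kernel.org\n\n")
SPOOFED = ("Received: from hera.kernel.org (unknown [192.0.2.55])\n"
           "\tby mx.example.net (Postfix); Sun, 16 Apr 2006 10:01:09 -0700\n"
           "Received: from hera.kernel.org (hera.kernel.org [140.211.167.34])\n"
           "\tby relay.invalid (Postfix); Sun, 16 Apr 2006 10:01:05 -0700\n"
           "From: Majordomo@vger.kernel.org\n\n")

if __name__ == "__main__":
    for name, raw in (("GENUINE", GENUINE), ("SPOOFED", SPOOFED)):
        print(name, classify(raw, {"mx.example.net"}))
```

The addresses in the table date from the 2006 listing; a current check would resolve the names again before comparing.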



