Carolyn P. Meinel Hall of Shame

Carolyn P. Meinel Hall of Shame Hacking Guide Errata

> GUIDE TO (mostly) HARMLESS HACKING
> 
> Vol. 1 Number 5

> First, let's check out the return email address:
>
>        finger FREE@heaven.com
>
> We get:
>
>        [heaven.com]
>        finger: heaven.com: Connection timed out
>
> There are several possible reasons for this. One is that the systems
> administrator for heaven.com has disabled the finger port. Another is that
> heaven.com is inactive. It could be on a host computer that is turned off,
> or maybe just an orphan. 


If an admin disables finger, it will not return the message "Connection
timed out". It will return "Connection refused".

> This should get us to a screen that would ask us to give user name and
> password. The result is:
>
>        Trying 198.182.200.1 ...
>        telnet: connect: Connection timed out
>
> OK, now we know that people can't remotely log in to heaven.com. So it sure
> looks as if it was an unlikely place for the author of this spam to have
> really sent this email.


"Connection timed out" is NOT the answer it gives if you aren't allowed
to connect to the machine. "Connection refused" is what you would see.
It is also very likely that a user could send all the mail in the world, but 
disable incoming telnet connections on port 23. One is not related to the 
other.

> Another valid domain! So this is a reasonably ingenious forgery. The culprit
> could have sent email from any of heaven.com, gnn.com or att.net. We know
> heaven.com is highly unlikely because we can't get even the login port to
> work. But we still have gnn.com and att.net as suspected homes for this spammer.


Or that heaven.com could be a machine that isn't currently connected to
the internet, which seems reasonable after "Connection timed out" messages.
Perhaps they use PPP or SLIP for some hours of the day.

> Presumably one of the people reading email sent to these addresses will use
> the email message id number to look up who forged this email. Once the
> culprit is discovered, he or she usually is kicked out of the ISP. 


No. Unless there are numerous complaints, they typically won't be kicked
off their ISP. If you are the first complaint, they will get nothing
more than a warning.

The reactions of the ISP are ususally spelled out in your "Acceptable 
Use" policies you get when you first sign up. Perhaps these should be read.