<<<< TH33 WAR3Z 3L33T PR3Z3NTZ >>>> REFLECTOR BOMBING: MAIL MAYHEM << WRITTEN BY GOAT >> 25Sep96 <<< KALL TH33 WAR3Z 3L33T: www.anus.com/31337/ >>> 666 I. Introduction II. Reflector Bombs III. Impact IV. Disadvantages V. Legal Introduction ------------ Most people mail bomb like lame fiends. They fire up Eudora and attach a few large GIFs to it with names like ASSHOLE and FUCKFACE and then let it fire when they go to bed. It sends these huge files which if they make it past the firewall and don't bounce will slam home into their target's mailbox, forcing an additional 17 minutes of download time on a 28.8k modem. While this is an emotionally honest approach and is probably not a crime, this is completely ineffective mailbombing. It doesn't strike to the heart of the matter which is to bloat the mailbox of the victim and to hopefully crash their feeble mailer (which, if they're using the consumer jokeware that the NWO lets us have, Mac or PC, is bound to occur). There is no vengeance, no force of will, no balls. Similarly I feel mail floods or forwarding of USENET posts through anonymous remailers have no guts. Your victim isn't going to suffer because oh my god, you mailed them your /tmp. They suffer because they realize the strike against them and its temporary overwhelming of the system as a manifestation of the world rejecting their needs while being annoyed enough to become a temporarily sadistic master, and so they cling to it and often become quite psychologically deranged. The damage of mailbombing occurs in a victim's social sense of self-esteem more than in his or her mailbox. Your goal is to push the victim to the edge of self-doubt. How much does the world hate him/her? Enough to pave a mailbox in a vicious mannner, a better kind of mailbomb: the reflector bomb! Before we begin, let me state two things: 1) I have never seen reference to this before in any hacker literature and 2) HAVE PHUN BUT D0NT GET KAUGHT!!1!!!. Reflector Bombs --------------- The reflector bomb works on the simple principle that mail sent with spoofed addresses will bounce to the victim. Its particular agent is the BCC line, which enables the mailbomber to list any number of fake addresses on diverse servers for greater inefficiency of routing, leading to a wider variety of incoming paths to the target. For example, my victim, billg@microsoft.com, would probably NOT elect to send this message: To: bounce_my_ass@neosoft.com From: billg@microsoft.com Reply-To: billg@microsoft.com BCC: bounce_me@whitehouse.gov, bounce_me@wired.com, bounce_me@chron.com, bounce_me@xs4all.nl Dear Bill, BOING! -- TH33 M4DD H4KK3R /s .s /es /quit shit ^G^C^H^X^X ...but this message isn't very extreme; only four bcc addresses and one primary recipient will bounce this message. It's important to pick a server for primary recipient pretty far removed from all other hosts. To know how this works, it's important to understand some basic networking. When a host receives mail - from either inside of its domain or from an external forward (by Internet courtesy-anarchy socialist system of packet travel most SMTP hosts accept traffic from any other host) - the receiving host looks at the host in each address and attempts to route mail appropriately, or detect the beginning stage of a likely path for the mail and then to forward it on. The more diverse the pathways you pick through the Internet, the more individuality given to these messages so that they arrive at different times through different size servers. This eliminates mail clumping, where one host will service fiftteen forwards and generate only one bounce message, and encourages a chaotic disparity in sizes and frequency. The unevenness of this attack makes it more effective on sites with mail filters than any form of direct assault. How to put this into execution? First make your bounce hosts list, and list 20-60 hosts across your home country that you know have differing connection speeds and diverse topology. Then, find an open SMTP host preferrably one which does not transfer the hostname of the originating host in the headers of each mail message. For bounce hosts, I recommend using major providers and reasonably sized ISPs. Panix.com, xnet.com, neosoft.com, netcom.com, ici.net, worldnet.att.net, gnn.com, well.com and others provide a good balance of span and power of return serve. Reasonably large hosts have t1 or t3 access and can fire back your little packages at high speed. For SMTP hosts, I like to use the fast but older servers that usually back the ISPs that major pornography providers use. Cheap, obscure, and rarely critical, these machines are usually large cheesy UNIX boxes that pump out return mail like vitriolic ejaculate. When traffic's not too high on the web server, they will accept your load and pass it on at mediocre-to-fast speed, spreading its initial delivery over an erratic time span. Then put together your bomb. I use mostly disposable PPP accounts, and for that the best tool is a newsreader called Free Agent that lets you doctor headers and attachments of flexible line length. That final flexibility produces an nasty flood side to this diarrhetic spew. To: fuck_me_jesus@vivid.com From: billg@microsoft.com Subject: Bombing your ass! BCC: dipshit@ici.net, dipshit@xnet.com, dipshit@panix.com, dipshit@neosoft.com, dipshit@mindspring.com, dipshit@nortel.com, dipshit@aol.com, dipshit@beachnet.com, dipshit@msn.com, dipshit@netcom.com, dipshit@roadrunner.com, dipshit@sgi.com Attachment: n3230b4.exe In this case, I would split the file into 500 line segments, which produces a decent flood of messages that bounce in bizarre angles because of load. Boom-boom-boom slamming home? No, more like random sizes and chunks of forwarded, clumped, bounced, and third-party reject messages. If you feel particularly nasty, you should cut the size to 100 line bombs; then you're really raining on their parade! The only approach to doing this in UNIX is to write a script, which could be done pretty easily if you have some sockets programming experience. I leave that detail to others more inclined toward this type of activity. Impact ------ What's the damage? The power of this method is that it amplifies your limited bandwidth by creating a source of more than one bounce per message, automatically giving you a potent tool for intensifying whatever damage you do. However, this still probably isn't much. I think mailbombing has only psychological effect at this point, and perhaps not even that if the site filter has advanced inferencing. But if you're going to mailbomb, do it right! So you send out a five-megabyte file (overnight on your 28.8k modem) in 900-line segments to 40 bounce addresses. That's probably about 51 messages per bounce host, so 30-40 bounces per time times that is quite a slam. Not that 1500 messages of varying size are going to shut anyone down, only perhaps cause the provider to bounce all mail to the account. The novice with the PPP account is the ideal victim: desperate, he either calls tech support or leaves his modem on for three days downloading all the stuff. There's no magic bullet here, only a more effective way. The furthest extension of effectiveness with this method is paradoxically not the user, but the host of the user. If you find out that the Vatican or Israeli torture squad has left open an email address on a host of theirs, consider having a friend or two engage in this attack. I've personally seen several ISPs and at least a dozen political sites cave with this form of attack. Disadvantages ------------- The weakness in this is the logging capacities of hosts and the tendency of SMTP forwarding hosts to put the name/IP address of the transferring host in the mail headers. This makes it pretty easy for any reasonably informed halfwit to figure out where the material's coming from; take off the final octet from the IP address and do a whois remainder.* and see what comes up. Some ISP - big surprise - write postmaster message in wrath of righteous fury. While most of us find this weak attitude sniveling and irritating, we can only comment that it is effective in reducing your account to inactive status, which is the equivalent of a prematurely melted penis for any hacker. So keep this in mind and work to use pretty shabby hosts, or keep generating fakes for easy use. Disclaimer ---------- LEGAL NOTICE: If you use this information for any action then the consequences are your own and not mine or those of any person serving to you this information. This file is written for informational purposes only in full knowledge that both the good guys (hackers) and the bad guys (corporate software cocaine whores) will read this, and make changes in their behavior as a consequence. COPYFREE 1996 TH3 WAR3Z 3L33T www.anus.com/etc/31337/ [E0F]