-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wednesday, 31 March 2021 02:27 -0000,
in article <s40mlt$qe0$
2...@dont-email.me>,
> We're in the midst of a hipclone attack through your server. I've
> seen 1000 articles thus far, and it's still ongoing.
As I noted, with respect to the forgeries of Archimedes Plutonium
propagating from
neodome.net, they are running a wide open NNTP
server, which is specifically designed to accept connections via Tor
and I2P anonymous networks. What could possibly go wrong?
> Could you LART this shithead?
Judging by the handful of messages I've seem, in news.software.*, from
Neodome Admin <
ad...@neodome.net>, they're quite pleased with their
intentionally designed for net-abuse facilitation service.
Spot checks show a few upstream feeds. If you are not getting any
traction via the channel provided, <
ab...@neodome.net>, contacting
their feeds would seem appropriate.
So far as filtering, those reading from servers running INN should be
able to filter based any consistent header provided, as this software
allows pattern matching on any header. In this instance, the
Injection-Info header appears to be static, although it was not in the
past. Even so, the beginning of the header has remained consistent.
$ telnet
news.mixmin.net nntp
Trying 144.76.182.167...
Connected to
news.mixmin.net.
Escape character is '^]'.
200
news.mixmin.net InterNetNews NNRP server INN 2.7.0 (20200329 prerelease) ready (posting ok)
GROUP or.politics
211 13236 621506 644664 or.politics
XPAT INJECTION-INFO 644600-644664
neodome.net;*
221 Header information for INJECTION-INFO follows (from articles)
644601
neodome.net; mail-complaints-to="
ab...@neodome.net"
644604
neodome.net; mail-complaints-to="
ab...@neodome.net"
644632
neodome.net; mail-complaints-to="
ab...@neodome.net"
644635
neodome.net; mail-complaints-to="
ab...@neodome.net"
644636
neodome.net; mail-complaints-to="
ab...@neodome.net"
644637
neodome.net; mail-complaints-to="
ab...@neodome.net"
644645
neodome.net; mail-complaints-to="
ab...@neodome.net"
644646
neodome.net; mail-complaints-to="
ab...@neodome.net"
644647
neodome.net; mail-complaints-to="
ab...@neodome.net"
644648
neodome.net; mail-complaints-to="
ab...@neodome.net"
644649
neodome.net; mail-complaints-to="
ab...@neodome.net"
644650
neodome.net; mail-complaints-to="
ab...@neodome.net"
644651
neodome.net; mail-complaints-to="
ab...@neodome.net"
644652
neodome.net; mail-complaints-to="
ab...@neodome.net"
644653
neodome.net; mail-complaints-to="
ab...@neodome.net"
644654
neodome.net; mail-complaints-to="
ab...@neodome.net"
644655
neodome.net; mail-complaints-to="
ab...@neodome.net"
.
This header will only appear in articles posted to
neodome.net.
The only other header providing a degree of stability is in the Path
statement.
XPAT PATH 644600-644664 *\!
news.neodome.net\!*
221 Header information for PATH follows (from articles)
644601
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644604
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644632
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644635
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644636
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644637
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644645
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644646
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644647
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644648
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644649
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644650
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644651
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644652
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644653
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644654
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644655
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
.
The entire Path tail may be a suitable definition, as it includes only
articles posted to this outfit, without prejudicing anything which
might transit through it.
XPAT PATH 644600-644664 *\!
news.neodome.net\!.POSTED\!not-for-mail
221 Header information for PATH follows (from articles)
644601
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644604
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644632
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644635
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644636
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644637
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644645
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644646
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644647
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644648
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644649
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644650
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644651
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644652
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644653
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644654
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
644655
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
.
For those dealing with servers which do not allow XPAT, filtering
based on the count of colons (":") in the Xref header, provided in the
overview (XOVER or OVER) may provide some relief, in limiting the
number of groups to which articles have been cross-posted. It does
not, however, specify the target.
OVER 644654-644655
224 Overview information for 644654-644655 follows
644654 BREAKING NEWS: Uncontrollable Rightist Outrage As Trump Dead - Expect Riots, Gun Play, Fat Old Men Dying of Heart Attacks BTR1701 <
532...@gmail.com> Wed, 31 Mar 2021 01:27:35 -0000 (UTC) <s40j67$1rir$
1...@neodome.net> 1531 7 Xref:
news.mixmin.net alt.fan.rush-limbaugh:3076888 alt.politics.trump:126784 alt.tv.pol-incorrect:41726
rec.arts.tv:1803304 talk.politics.guns:1549731 talk.politics.misc:1527646 soc.retirement:963765 uk.politics.misc:1355496 alt.global-warming:869302 alt.atheism:3902767 alt.conspiracy:542798 alt.politics.democrats.d:276268 or.politics:644654 can.politics:854925
644655 Re: Please, don't sign the petition BTR1701 <
s...@gmail.com> Wed, 31 Mar 2021 01:27:53 -0000 (UTC) <s40j6p$1rir$
2...@neodome.net> <
f3o62g1li1sljag82...@4ax.com> <s009up$srj$
2...@gioia.aioe.org> <s0321r$1nfq$
2...@gioia.aioe.org> 4434 94 Xref:
news.mixmin.net alt.fan.rush-limbaugh:3076889 alt.politics.trump:126785 alt.tv.pol-incorrect:41727
rec.arts.tv:1803305 talk.politics.guns:1549732 talk.politics.misc:1527647 soc.retirement:963766 uk.politics.misc:1355497 alt.global-warming:869303 alt.atheism:3902768 alt.conspiracy:542799 alt.politics.democrats.d:276269 or.politics:644655 can.politics:854926
.
HEAD 644655
221 644655 <s40j6p$1rir$
2...@neodome.net> head
Path:
news.mixmin.net!
news.neodome.net!.POSTED!not-for-mail
From: BTR1701 <
s...@gmail.com>
Newsgroups: alt.fan.rush-limbaugh,alt.politics,alt.politics.trump,alt.tv.pol-incorrect,
rec.arts.tv,talk.politics.guns,talk.politics.misc,soc.retirement,uk.politics.misc,alt.global-warming,alt.atheism,alt.conspiracy,alt.politics.democrats.d,or.politics,can.politics
Subject: Re: Please, don't sign the petition
Followup-To: alt.fan.rush-limbaugh
Date: Wed, 31 Mar 2021 01:27:53 -0000 (UTC)
Organization: ea
Message-ID: <s40j6p$1rir$
2...@neodome.net>
References: <
f3o62g1li1sljag82...@4ax.com> <s009up$srj$
2...@gioia.aioe.org> <s0321r$1nfq$
2...@gioia.aioe.org>
Injection-Date: Wed, 31 Mar 2021 01:27:53 -0000 (UTC)
Injection-Info:
neodome.net; mail-complaints-to="
ab...@neodome.net"
User-Agent: Xnews/2006.08.05
Xref:
news.mixmin.net alt.fan.rush-limbaugh:3076889 alt.politics.trump:126785 alt.tv.pol-incorrect:41727
rec.arts.tv:1803305 talk.politics.guns:1549732 talk.politics.misc:1527647 soc.retirement:963766 uk.politics.misc:1355497 alt.global-warming:869303 alt.atheism:3902768 alt.conspiracy:542799 alt.politics.democrats.d:276269 or.politics:644655 can.politics:854926
.
For those using newsreaders which are designed to filter based on the
email addresses shown in the From headers, ...
XHDR FROM 644647-644655
221 Header or metadata information for FROM follows (from overview)
644647 BTR1701 <
G...@inbox1.com>
644648 BTR1701 <
fd...@gmail.com>
644649 BTR1701 <
55...@gmail.com>
644650 BTR1701 <
fds...@gmail.com>
644651 BTR1701 <
BTR1...@jam.rr.com>
644652 BTR1701 <
j...@gmail.com>
644653 BTR1701 <
534...@gmail.com>
644654 BTR1701 <
532...@gmail.com>
644655 BTR1701 <
s...@gmail.com>
.
QUIT
205 Bye!
Connection closed by foreign host.
Personally, I would recommend anvils from low earth orbit.
- --
David Ritz <
dr...@mindspring.com>
"There is nothing worse than having a spare couple of hours and you
can't find an open server to abuse." - Tim Thorne - 26 Dec 1998
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCYGTg0wAKCRBSvCmZGhLe
6znvAJ9jRRMlAib5xp9td4NOLNVb+7tv2wCg3jxQDMGG4lkvfF8OTABA85LPVIM=
=033L
-----END PGP SIGNATURE-----