Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Spam United States Your Rights Online

25,000-Ton Amphibious Spam Relay 323

hormiga writes "The amphibious transport dock ship San Antonio incorporates the latest quality of life standards for the embarked Marines and sailors, including the sit-up berth, ship services mall, a fitness center and learning resource center/electronic classroom and Unsolicited Bulk E-Mail. Now the Chinese can relay their spam through U.S. military naval vessels." Well, Chinese spammers, anyhow.
This discussion has been archived. No new comments can be posted.

25,000-Ton Amphibious Spam Relay

Comments Filter:
  • by Thud457 ( 234763 ) on Wednesday December 17, 2003 @02:56PM (#7747656) Homepage Journal
    I hope http://www.news.navy.mil has a sense of humor about the dreaded /. DDOS attack that they're under!!! /lamer
  • by ForestGrump ( 644805 ) on Wednesday December 17, 2003 @02:56PM (#7747658) Homepage Journal
    relaying spam to your inbox.

    This is the ideal goverment. The tax dollars working directly for its citizens.
    -Grump
    • by $ASANY ( 705279 ) on Wednesday December 17, 2003 @09:39PM (#7750462) Homepage
      You've got to understand the situation. The Navy-Marine Corps Internet project and BTBest (at least for the MSC) TCP/IP commo suite got thrown at these ships without a lot of regard to the technical resources required to manage the whole ball of wax. Each of these ships has a rack of MS Windows boxes managing LAN, commo, logistics and everything else, and they have some Chief managing the equipment who is decidedly not a network engineer. On top of that he's got to play DBA for Sybase and Oracle databases, manage numerous applications, and deal with backup and disaster management. It's too much to realistically ask a guy who's background is a lot more "sailor" than "LAN/Database/application server adminstrator. At least not while we're paying senior enlisted guys what we are.

      These technicial-draftees are extraordinarily busy. They're asked to manage really complex systems that are not terribly reliable. MS Exchange and Win2k require good people to keep them going, but throw database replication systems and the rest of their suite on top, and they spend more of their time crying for help to shoreside contractors than getting things fixed. That their MS Exchange server got penetrated is hardly a surprise given the number of fires these guys are regularly trying to keep under control.

      If they can get professional DBA's and Network Engineers on each ship and this happens, then I'd raise hell. But there aren't a whole lot of MSCEs and DBAs that want to go on 9 month sea deployments of 16-hour days with the starting salary of an E-3, which I guess is about $800/month. In the meantime, scream at Lockheed Martin, the contractor for the Navy-Marine Corps Internet (NMCI) project, which has hosed up more than they have fixed. NMCI dictates identical configurations across all systems, which makes it really likely that the vulnerability we see here exists virtually everywhere in the Navy. Lockheed designed it this way, and got paid an enormous pile of cash to do so.

      Maybe they owe us a refund?

  • by bluenova ( 533033 ) on Wednesday December 17, 2003 @02:56PM (#7747659)
    who pictured a giant, floating, can of Hormel's spicy meat concoction, peeling back it's top to release aircraft and attack vehicles? My GI Joe collection never had one of those...
  • by Kirk Troll ( 729217 ) on Wednesday December 17, 2003 @02:56PM (#7747661) Journal
    SOYLENT SPAM IS FROGS!!!
  • Wrong move. (Score:5, Funny)

    by Dark Lord Seth ( 584963 ) on Wednesday December 17, 2003 @02:56PM (#7747663) Journal

    2000 gung-ho, pissed of marines with landing craft, naval support and air support vs pasty chinese spammer with goverment welfare support.

  • Yeesh... (Score:3, Funny)

    by TopShelf ( 92521 ) on Wednesday December 17, 2003 @02:56PM (#7747664) Homepage Journal
    Obviously, instead of sealing of ports, some poor yoeman went and sealed portholes...

    yuk yuk yuk
  • by GnrlFajita ( 732246 ) <brad@thewillar d s .us> on Wednesday December 17, 2003 @02:56PM (#7747667) Homepage
    Come on, now, keep up with the times. This spammer seems a little to capitalistic to describe as a "red."

    Somebody's watched to many Cold-War-era action movies.

  • Jeeze (Score:2, Funny)

    by zeroprime ( 732475 )
    ...I just don't even know what to say
    Perhaps we need to create a 'great firewall' of our own.

    And to think that our tax dollars are being subverted to send spam.
  • Ignore them.. (Score:2, Flamebait)

    by Sir Pallas ( 696783 )
    Just add the military to your email blacklist. They've been asking for it, I'm sure. I already have to filter most of what they say, anyway. I don't see why email should be any different. (Maybe the next line of ships will come with an oil spill too.)
  • by tekiegreg ( 674773 ) * <tekieg1-slashdot@yahoo.com> on Wednesday December 17, 2003 @02:57PM (#7747677) Homepage Journal
    Well if anyone tries blacklisting the ships, I guess there'd be a Tomahawk in their building in the name of national security :-p

    But in all honesty, I'm sure (or at least I hope) more attention is given to the confidential systems than the SMTP server that the troops play around with...
  • by Elyjah ( 108222 ) on Wednesday December 17, 2003 @02:57PM (#7747678)
    Perhaps the spamming facilities on the ship are part of a US initiative to disable enemy email infrastructure?
  • by prgrmr ( 568806 ) on Wednesday December 17, 2003 @02:59PM (#7747689) Journal
    Could be:

    telnet 205.67.231.235 25
    Trying...
    Connected to 205.67.231.235.
    Escape character is '^]'.
    421 avnavfw.AVONDALE Sorry, the firewall does not provide mail service to you.
    Connection closed.
    • 421 avnavfw.AVONDALE Sorry, the
      firewall does not provide mail service to you.
      It seems like they can't figure out the difference between a mail server and a firewall. If you can connect to the port it is not firewalled off, rather the mail server prevents you from using it.

      Reminds me of the slew of buzzwords used in the movie Swordfish.
      • If you can connect to the port it is not firewalled off, rather the mail server prevents you from using it.

        How do you know the firewall isn't generating that message? A firewall can dd more than just drop packets.
      • >Reminds me of the slew of buzzwords used in the movie Swordfish.

        The tv show 24 really basterizes computer terms.

        "Mount the filter to my screen so I can route it through the log files."

        Still a good show.
        • I was with a few friends at the bar, one said he was gonna bail to go catch '24' and I asked if it was really that good. He guaranteed that I'd fall in love with it if I gave it an episode, so I left too. We get in and turn on '24' and I could only bear it for about 15 minutes, the mangled geekspeak was too much for me to handle.

          There's another 'antiterror' drama on too, one episode they landed a cargo plane on a carrier (which has been done, once). The show was just SO lame though, there was NO regard for
          • by zangdesign ( 462534 ) on Wednesday December 17, 2003 @06:05PM (#7749211) Journal
            Hollywood isn't about technical accuracy - it's about making the stuff on the screen interesting by use of special effects, tricks, gags, mummery, and occasionally acting.

            When you stare at the production script, there isn't a whole lot of detail there. The things like how many times a gun fires and damage effects and whatnot are not up to the writer in most cases. It's all decided by whoever they've hired to handle effects, or sometimes the director, and occasionally by someone with real expertise in the field, but more likely enough expertise in the field, but more expertise in keeping it interesting.

            Or to put it another way

            Technical accuracy is boring to most theatre-goers.
      • by cscx ( 541332 ) on Wednesday December 17, 2003 @03:12PM (#7747812) Homepage
        Maybe it's an SMTP proxy.

        It seems like YOU can't figure out what you're talking about.
      • It seems like they can't figure out the difference between a mail server and a firewall. If you can connect to the port it is not firewalled off, rather the mail server prevents you from using it.

        You sound like a typical "I installed ipchains on my Linux box so I am a firewall admin" n00b. Ever hear of proxy firewalls? Sheesh.

      • by jdreed1024 ( 443938 ) on Wednesday December 17, 2003 @03:44PM (#7748080)
        It seems like they can't figure out the difference between a mail server and a firewall. If you can connect to the port it is not firewalled off, rather the mail server prevents you from using it.

        Um, no. It is possible for a firewall to exist such that if you connect to it on port 25, and you're authorized to talk to that site's mail server, it passes your packets through the firewall and on to the mail server. If you are not authorized, it either drops your packets on the floor, or respond with a message such as this one. 421 is the RFC822 code for "service not available". Just because a machine answers on 25 does not mean it's a "mail server" (tm). What it's saying is "I am not going to provide mail service to you because I don't know your IP address." 'Mail service" simply means "access to some sort of MTA". It does not imply that the machine is in fact a mail server masquerading as a firewall. There are such things a proxy firewalls, and that's clearly what this is.

      • by Medieval ( 41719 ) on Wednesday December 17, 2003 @03:54PM (#7748181) Homepage
        That's a message from Symantec Enterprise Firewall (Raptor Firewall.)

        Its an SMTP proxy; if you try to connect to the firewall or an SMTP server on the far side of it on port 25 (or other configured ports) and there's no rule allowing it, you get this message.
    • Yes, but wouldn't this also mean they couldn't accept incoming emails?
      • No, because that machine is not the MX server for its domain. The mail server which actually handles mail for that domain relays mail to avnavfw.pms317.navy.mil and is no doubt allowed to do so by the firewall.
  • by Guano_Jim ( 157555 ) on Wednesday December 17, 2003 @02:59PM (#7747696)
    In the event of Taiwan's declaring independence from the mainland, we can instantly flood Beijing with ads for penis enlargement!

    That will slow down the PRC armies long enough for us to convince them that they don't really need Tawian and should focus on switching over to an economy based on turkey guts [slashdot.org].

    Evangelizing turkey guts since mid-2003.
  • Text of the Article (Score:5, Informative)

    by iamweezman ( 648494 ) on Wednesday December 17, 2003 @03:00PM (#7747709)
    The ship supports the Marine Corps "mobility triad," the LCAC
    (Landing Craft Air Cushion vehicle), the "Triple A-V" (AAAV -
    Advanced Amphibious Assault Vehicle) and the MV-22 (Osprey
    tiltrotor aircraft),

    and (apparently) spammers in Guandong. Rd China.

    Furthermore, San Antonio incorporates the latest quality of life
    standards for the embarked Marines and sailors, including the sit-up
    berth, ship services mall, a fitness center and learning resource
    center/electronic classroom

    and Unsolicited Bulk E-Mail.

    Of course, it's possible that one of the OTHER eleven ships, still under
    construction, is the Avondale, LA dot-MIL spam relay, or trojaned boat,
    or some nice-and-secure Windows box in the construction drydocks, running
    Microsoft Exchange Internet Mail Service Version 5.5.2653.13

    But doesn't it make all Americans feel all fuzzy and secure that a
    Red Chinese spammer can abuse a US Naval Vessel of one of the newest
    designs, to relay his "business proposition"?

    Perhaps it's tied to the USS Green Bay, instead? or USS New Orleans?
    http://www.navsea.navy.mil/newswire_content.asp?tx tDataID=8963&txtTypeID=2

    The USS Mesa Verde, seems to be in Mississippi, instead
    http://www.navsea.navy.mil/newswire_content.asp?tx tDataID=8663&txtTypeID=2

    But the E-Mail headers finger the USS San Antonio, LPD 17, already
    christened, and due for commissioning some time this coming year.

    LPD 17 Looks Like a "Gator"

    http://www.navsea.navy.mil/newswire_content.asp?tx tDataID=8596&txtTypeID=2

    but from here, it just looks like another spammer.

    [SPECIMEN]
    H: Return-Path:
    H: Received: from avnavfw.lpd17.navsea.navy.mil
    H: (avnavfw.pms317.navy.mil [05.67.231.235])
    H: by mail.gtcs.com (8.12.10/8.11.3/gtcs-6.3.8) with SMTP
    H: id hBG65HO8091853
    H: for ; Mon, 15 Dec 2003 23:06:39 -0700 (MST)
    H: (envelope-from: )
    H: X-Authentication-Warning: serv.gtcs.com: Host
    H: avnavfw.pms317.navy.mil [205.67.231.235]
    H: claimed to be avnavfw.lpd17.navsea.navy.mil
    H: Received: from no.name.available by anavfw.lpd17.navsea.navy.mil
    H: via smtpd (for [209.181.16.1]) with SMTP; 16 Dec 2003 05:53:08 UT
    H: Received: from avnavfw.AVONDALE (205.67.231.5 [205.67.231.5]) by
    H: swn-email.lpd17.navy.mil with SMTP (Microsoft Exchange Internet Mail
    H: Service Version 5.5.2653.13)
    H: id YY2BDP4P; Tue, 16 Dec 2003 00:07:28 -0600
    H: From: "HuatonE-ScooterCo.,Ltd"
    H: Received: from [61.145.234.62] by avnavfw.AVONDALE
    H: via smtpd (for [205.66.99.30]) with SMTP; 16 Dec 2003 05:51:47 UT
    H: Subject: Re.About our new product
    H: Content-Type: text/html
    H: Date: Tue, 16 Dec 2003 13:57:41 +0800
    H: X-Priority: 3

    [extract from HTML body]
    B: Our company specializes in exporting electric & gas scooters, which
    B: are most popular with our customers at home and abroad. Now we are
    B: writing to offer you an opportunity to develop a mutual trade. If
    B: you are interested in establishing business relations with us, please
    B: let us know your requirements. Then we would like to forward catalogues
    B: as well as detailed information to you, and offer the best price to
    B: you. We assure you of our best attention to your any inquiries.
    B: We anticipate your early response in respect.

    B: Huaton E-scooter Co., Ltd.
    B: Room.B-202,Building Si-Hai-Ming-Yuan
    B: Burg Weiji,Zone Gongbei
    B: City Zhuhai 519020
    B: Province Kwangtung,China
    B: Tel:86-756-821-6922
    B: Fax:86-756-888-3037 ...

    Spam support by:
    The US Navy, Avondale Lousiana Shipyard, Frewall, a
  • by MyNameIsFred ( 543994 ) * on Wednesday December 17, 2003 @03:01PM (#7747717)
    I hate to destroy part of a good story. But San Antonio is NOT, repeat NOT the spam relay. LANs on ships are NOT connected to the Internet. The military has its own non-public networks for ships. Furthermore, San Antonio has NOT been delivered to the Navy. It is still under construction. That's the good news. The bad news, is that a Navy site has been compromised. The headers give us some clues. avnavfw.pms317.navy.mil is a Navy address. PMS317 is the Navy program office responsible for building the San Antonio class of ships. Avondale Shipyard is where the ships are built.
  • Special. (Score:5, Interesting)

    by sparkie ( 60749 ) on Wednesday December 17, 2003 @03:01PM (#7747718) Homepage
    Naval ships have had internet access before this ship. As a Marine I've sent and received E-Mails from more than 1 or 2 ships in the fleet.
    • Re:Special. (Score:5, Insightful)

      by xyzzy ( 10685 ) on Wednesday December 17, 2003 @03:39PM (#7748028) Homepage
      Right, but the distinction here is that the Email does not generally come delivered directly from the *ship*, but from some stateside server, probably part of NMCI (the Navy Marine Corps Internet). There are N firewalls between here and there, if for no other reason than the bandwidth from ship to shore is INCREDIBLY small (like: 256kbit for the entire ship, secure, classified, public, you name it). It would make a LOUSY spam relay.
    • Re:Special. (Score:5, Insightful)

      by Teflonatron ( 202441 ) on Wednesday December 17, 2003 @03:41PM (#7748044)
      You were using NIPRNET, which is connected to the Internet at only a few (very controlled) locations in the world...

      Any sensitve IP communications are handled over SIPRNET, which is never (or should never be) connected to NIPRNET.
  • I've heard (Score:2, Funny)

    by Lipongo ( 704267 )
    Of spam in a Can, but never spam in a boat.
  • by jamonterrell ( 517500 ) on Wednesday December 17, 2003 @03:02PM (#7747722)
    ...because they certainly aren't relaying webpages very good at the moment.

    Someone want to post the article?
  • by Chatmag ( 646500 ) <editor@chatmag.com> on Wednesday December 17, 2003 @03:06PM (#7747754) Homepage Journal
    As we reported in our annual report of the top ten Internet chat topics for 2003 [chatmag.com], the U.S. Navy uses secure chat rooms for communication on board ships.

    Apparently they missed securing their email server. I wonder if keelhauling is still allowed.
  • by common middle name ( 657525 ) on Wednesday December 17, 2003 @03:16PM (#7747850)
    Didn't the DOD just get a grade of F
    for network security?
  • As soon as.. (Score:5, Interesting)

    by herrvinny ( 698679 ) on Wednesday December 17, 2003 @03:18PM (#7747860)
    As soon as I saw this on /.'s front page, I went "Oh dear God"... Anyone else think, when glancing at the headline, that spammers had purchased a retired boat, put it in international waters, and spammed away from it?

    Then I RTFA'ed. Pretty sad that military servers are compromised by nothing other than some stupid spammers. Makes you think what Chinese or other rogue government sponsored hackers could do to our systems if we even went to war with them....

    The next war, if we fight it with a non african or Middle Eastern country, is going to involve cyber assualts. Hope the Pentagon is going to firm up their defenses more, both electronically and physically. Maybe they can even get the services of Akamai; they're practically DDOS-proof.
    • Yup, that's what I thought as well. The thought "they couldn't afford that" went through my mind so I assumed some enterprising enterprise who needed web connectivity on its boats was being a facilitator. Didn't think that the US Navy would be the guilty part though.
    • Re:As soon as.. (Score:4, Informative)

      by d-rock ( 113041 ) on Wednesday December 17, 2003 @03:33PM (#7747980) Homepage
      I have a feeling that the important systems on the ship are completely isolated from anything with Internet access. I knew a guy who installed servers at military bases and each person would have two computers at their desk, one connected to the Internet (through a firewall and some other stuff), and one on the sensitive side. Also something like the screen on the sensitive side had wallpaper like "Danger!Danger!Danger!Danger!", etc.

      Derek
  • If these boats are nodes on the controversial new Navy-Marine Corps-Internet, it'll be down for repair most of the time.
  • What makes the ship amphibious? From looking at the ship, looks like a regular water-only ship.

    Or is it what it transport that is amphibious?

    Talk about ambiguous!
    • Re:Amphi? (Score:5, Informative)

      by Phaid ( 938 ) on Wednesday December 17, 2003 @03:30PM (#7747953) Homepage
      LPD-17 class ships (Landing Platform, Dock) are not themselves amphibious, but transport amphibious craft such as LCACs (Landing Craft, Air Cushion) and other vehicles used in amphibious operations.

      For more information on these ships, see . [fas.org]
    • On that note...

      Now the Chinese can relay their spam through U.S. military naval vessels.

      So which U.S. Naval vessels aren't military?

      • Now the Chinese can relay their spam through U.S. military naval vessels.


        So which U.S. Naval vessels aren't military?

        Or: witch military vessels aren't naval?
        • All the Army Watercraft are not navy!
          The Army Transportation Corps (wo)man the tugboats. They handle the ship to shore transport of equipment and supplies.

          Not sure of the numbers now, but back in the 80s, the US Army has more watercraft than the Navy, more aircraft than the Airforce, and more grunts than the Marines.

          Check FAS.org [fas.org] for more info on the "Army's navy"
          Another good place for information on the Transportation corps is Ft Eustis [army.mil]
      • Re:Amphi? (Score:2, Informative)

        by craw ( 6958 )
        Actually with a few exceptions, the bulk of the "blue water" US scientific ships (e.g., AGOR class) are owned by the US Navy and are on loan to various academic institutions. These ships are distinctly different than their military counterparts as their hulls are painted white instead of gray.
  • by Uninvited Guest ( 237316 ) on Wednesday December 17, 2003 @03:26PM (#7747923)
    25,000 tons?! I'm sure I could build an unsolicated bulk email server that weighs less than 1 ton.
    ---Okay, so it wouldn't be amphibious.
  • by GeoGreg ( 631708 ) on Wednesday December 17, 2003 @03:33PM (#7747981)
    I do not like unsolicited Spam!

    I do not like it from a boat

    I do not like it from a goat

    I don't need a huge torpedo

    I don't need help with my libido

    I do not like it from Chinese

    I do not like it, stop it, please!

    I do not like unsolicited Spam,

    So please REMOVE ME Sam I Am!

  • Don't you think that thy just might use the names of ships etc for the names of their servers.
  • ...you might want to think twice before you try to hack this [navy.mil] to "help" them.

    Specially if you live near a coast.
  • by Dave21212 ( 256924 ) <dav@spamcop.net> on Wednesday December 17, 2003 @03:46PM (#7748096) Homepage Journal

    Why not just buy a scooter from the guy - then they will stop emailing you.

    ;)

    Seriously though, it seems to be questionable if any military network was actually compromised...
  • zerg (Score:2, Insightful)

    Remember when that Kuro5hin poster was concerned about the safety of the Vice President, and he got a visit from the Feds because they thought he was making threats against the VPs life? If they've got the time (and money!) to deal with ridiculous shit like that, then surely they can take care of an issue like this, right?

    I mean, seriously, spam costs money, right? It doesn't cost the spammers anything, but the compromised relays must be losing out from cost of bandwidth and deterioration of service, rig
  • by Anonymous Coward
    Good to see the Navy centralizes control of their boondoggle projects.
  • by Anonymous Coward on Wednesday December 17, 2003 @04:02PM (#7748275)
    I swear I tried to bring this up as a Sgt in the Marines back in early 90's. I was attached to the Marine Corps element that had decision making on what computer operating systems to use. The Officers in charge started going the way towards Microsoft. The Marines at that time had Banyan servers and had to worry over virus infections, but not on the servers.
    I told the Officers that if we get Microsoft servers, we will have nothing but cracking and virus infections on the servers. No one wanted to listen. Microsoft pretty much snowballed them and sold them a bill of goods that are leaving the military open to attacks.
    I can bet that someone loses their job over this one. I just hope it isn't a person who turns out to be a fall guy.

  • by Sabalon ( 1684 ) on Wednesday December 17, 2003 @04:31PM (#7748493)
    See...just one day after Bush signs the dma spam law and the spammers have gone and moved their operations off-shore.
  • by wizkid ( 13692 ) on Wednesday December 17, 2003 @04:33PM (#7748509) Homepage

    They'll want bigger faster spam relays!! :)
  • I've been known to be kind of dense before, but can someone explain this? I read the article, and found it to be completely incoherent; as if someone took an article and randomly threw "spam" into the middle of it. Maybe I'm just really tired, but that article made _no_ sense to me.
  • Does this mean the American military will go after the spammers for theft of service?
  • Angry email user: You damn spammers flooded my inbox making me miss my kids email.

    Spammer: tell it to the marines.

    Angry email user: WE ARE THE MARINES!

    Spammer: Oops.

  • This is still in the Northrop Grumman dry dock in New Orleans...

    If anyone's at fault for the open relay, it's probably Northrop Grumman, but I'ld say it's just someone with a Linux box in the ship yard (I'm not gonna scan a .mil address to find out) :)

    Anyhow, this is likely a non-issue, as the .mil will probably install their own systems once Northrop Grumman is done with it...the only thing that is likely to be left over in the end is their ship control systems (no need for a mail server there)...

    This i

The best defense against logic is ignorance.

Working...