25,000-Ton Amphibious Spam Relay

hormiga writes "The amphibious transport dock ship San Antonio incorporates the latest quality of life standards for the embarked Marines and sailors, including the sit-up berth, ship services mall, a fitness center and learning resource center/electronic classroom and Unsolicited Bulk E-Mail. Now the Chinese can relay their spam through U.S. military naval vessels." Well, Chinese spammers, anyhow.

That's an act of WAR!

[Thud457]

I hope http://www.news.navy.mil has a sense of humor about the dreaded /. DDOS attack that they're under!!! /lamer

Re:That's an act of WAR!

[swordboy]

Those damn Chinese Sons of Bitches!

Your tax dollars hard at work

[ForestGrump]

relaying spam to your inbox.

This is the ideal goverment. The tax dollars working directly for its citizens.
-Grump

Re:Your tax dollars hard at work

[$ASANY]

You've got to understand the situation. The Navy-Marine Corps Internet project and BTBest (at least for the MSC) TCP/IP commo suite got thrown at these ships without a lot of regard to the technical resources required to manage the whole ball of wax. Each of these ships has a rack of MS Windows boxes managing LAN, commo, logistics and everything else, and they have some Chief managing the equipment who is decidedly not a network engineer. On top of that he's got to play DBA for Sybase and Oracle databases, manage numerous applications, and deal with backup and disaster management. It's too much to realistically ask a guy who's background is a lot more "sailor" than "LAN/Database/application server adminstrator. At least not while we're paying senior enlisted guys what we are.

These technicial-draftees are extraordinarily busy. They're asked to manage really complex systems that are not terribly reliable. MS Exchange and Win2k require good people to keep them going, but throw database replication systems and the rest of their suite on top, and they spend more of their time crying for help to shoreside contractors than getting things fixed. That their MS Exchange server got penetrated is hardly a surprise given the number of fires these guys are regularly trying to keep under control.

If they can get professional DBA's and Network Engineers on each ship and this happens, then I'd raise hell. But there aren't a whole lot of MSCEs and DBAs that want to go on 9 month sea deployments of 16-hour days with the starting salary of an E-3, which I guess is about $800/month. In the meantime, scream at Lockheed Martin, the contractor for the Navy-Marine Corps Internet (NMCI) project, which has hosed up more than they have fixed. NMCI dictates identical configurations across all systems, which makes it really likely that the vulnerability we see here exists virtually everywhere in the Navy. Lockheed designed it this way, and got paid an enormous pile of cash to do so.

Maybe they owe us a refund?

Re:Your tax dollars hard at work

[rabbits77]

Do you really think anybody gets paid $800 a month in the military? Maybe if they had incurred multiple severe fines for screwing up royally. I don't know what it is nowadays but when I was an E-1 about 10 years ago the pay was *struggles to remember* more like $1400 a month for the lowiest of the low E-1 nobody.

am I the only one...

[bluenova]

who pictured a giant, floating, can of Hormel's spicy meat concoction, peeling back it's top to release aircraft and attack vehicles? My GI Joe collection never had one of those...

Amphibious Spam Relay?

[Kirk+Troll]

SOYLENT SPAM IS FROGS!!!

Wrong move.

[Dark+Lord+Seth]

2000 gung-ho, pissed of marines with landing craft, naval support and air support vs pasty chinese spammer with goverment welfare support.

Re:Wrong move.

[Uma+Thurman]

Another wrong move: Marines hate it when their ship gets slashdotted.

Re:Wrong move.

[dasmegabyte]

pasty chinese spammer with goverment welfare support

Who knows kung fu.

I mean, if we're gonna pull out racist stereotypes, let's pull them all out, huh?

"Red" Chinese?

[GnrlFajita]

Come on, now, keep up with the times. This spammer seems a little to capitalistic to describe as a "red."

Somebody's watched to many Cold-War-era action movies.

Blacklisting the United States Navy?

[tekiegreg]

Well if anyone tries blacklisting the ships, I guess there'd be a Tomahawk in their building in the name of national security :-p

But in all honesty, I'm sure (or at least I hope) more attention is given to the confidential systems than the SMTP server that the troops play around with...

Re:Blacklisting the United States Navy?

[trentblase]

I have my spam filter set to bounce all Tomahawk missles. If one does happen to get through, abuse@navy.mil is going to be hearing from me.

Re:Blacklisting the United States Navy?

[srmalloy]

I have my spam filter set to bounce all Tomahawk missles. If one does happen to get through, abuse@navy.mil is going to be hearing from me.

The Tomahawk's warhead does make for (if you will pardon the clicheed phrase) the 'mother of all DOS attacks', though...

Part of the plan?

[Elyjah]

Perhaps the spamming facilities on the ship are part of a US initiative to disable enemy email infrastructure?

slashdotters in the military?

[prgrmr]

Could be:

telnet 205.67.231.235 25
Trying...
Connected to 205.67.231.235.
Escape character is '^]'.
421 avnavfw.AVONDALE Sorry, the firewall does not provide mail service to you.
Connection closed.

Re:slashdotters in the military?

[jdreed1024]

It seems like they can't figure out the difference between a mail server and a firewall. If you can connect to the port it is not firewalled off, rather the mail server prevents you from using it.

Um, no. It is possible for a firewall to exist such that if you connect to it on port 25, and you're authorized to talk to that site's mail server, it passes your packets through the firewall and on to the mail server. If you are not authorized, it either drops your packets on the floor, or respond with a message such as this one. 421 is the RFC822 code for "service not available". Just because a machine answers on 25 does not mean it's a "mail server" (tm). What it's saying is "I am not going to provide mail service to you because I don't know your IP address." 'Mail service" simply means "access to some sort of MTA". It does not imply that the machine is in fact a mail server masquerading as a firewall. There are such things a proxy firewalls, and that's clearly what this is.

Re:slashdotters in the military?

[Medieval]

That's a message from Symantec Enterprise Firewall (Raptor Firewall.)

Its an SMTP proxy; if you try to connect to the firewall or an SMTP server on the far side of it on port 25 (or other configured ports) and there's no rule allowing it, you get this message.

This is a good thing!

[Guano_Jim]

In the event of Taiwan's declaring independence from the mainland, we can instantly flood Beijing with ads for penis enlargement!

That will slow down the PRC armies long enough for us to convince them that they don't really need Tawian and should focus on switching over to an economy based on turkey guts.

Evangelizing turkey guts since mid-2003.

Text of the Article

[iamweezman]

The ship supports the Marine Corps "mobility triad," the LCAC
(Landing Craft Air Cushion vehicle), the "Triple A-V" (AAAV -
Advanced Amphibious Assault Vehicle) and the MV-22 (Osprey
tiltrotor aircraft),

and (apparently) spammers in Guandong. Rd China.

Furthermore, San Antonio incorporates the latest quality of life
standards for the embarked Marines and sailors, including the sit-up
berth, ship services mall, a fitness center and learning resource
center/electronic classroom

and Unsolicited Bulk E-Mail.

Of course, it's possible that one of the OTHER eleven ships, still under
construction, is the Avondale, LA dot-MIL spam relay, or trojaned boat,
or some nice-and-secure Windows box in the construction drydocks, running
Microsoft Exchange Internet Mail Service Version 5.5.2653.13

But doesn't it make all Americans feel all fuzzy and secure that a
Red Chinese spammer can abuse a US Naval Vessel of one of the newest
designs, to relay his "business proposition"?

Perhaps it's tied to the USS Green Bay, instead? or USS New Orleans?
http://www.navsea.navy.mil/newswire_content.asp?tx tDataID=8963&txtTypeID=2

The USS Mesa Verde, seems to be in Mississippi, instead
http://www.navsea.navy.mil/newswire_content.asp?tx tDataID=8663&txtTypeID=2

But the E-Mail headers finger the USS San Antonio, LPD 17, already
christened, and due for commissioning some time this coming year.

LPD 17 Looks Like a "Gator"

http://www.navsea.navy.mil/newswire_content.asp?tx tDataID=8596&txtTypeID=2

but from here, it just looks like another spammer.

[SPECIMEN]
H: Return-Path:
H: Received: from avnavfw.lpd17.navsea.navy.mil
H: (avnavfw.pms317.navy.mil [05.67.231.235])
H: by mail.gtcs.com (8.12.10/8.11.3/gtcs-6.3.8) with SMTP
H: id hBG65HO8091853
H: for ; Mon, 15 Dec 2003 23:06:39 -0700 (MST)
H: (envelope-from: )
H: X-Authentication-Warning: serv.gtcs.com: Host
H: avnavfw.pms317.navy.mil [205.67.231.235]
H: claimed to be avnavfw.lpd17.navsea.navy.mil
H: Received: from no.name.available by anavfw.lpd17.navsea.navy.mil
H: via smtpd (for [209.181.16.1]) with SMTP; 16 Dec 2003 05:53:08 UT
H: Received: from avnavfw.AVONDALE (205.67.231.5 [205.67.231.5]) by
H: swn-email.lpd17.navy.mil with SMTP (Microsoft Exchange Internet Mail
H: Service Version 5.5.2653.13)
H: id YY2BDP4P; Tue, 16 Dec 2003 00:07:28 -0600
H: From: "HuatonE-ScooterCo.,Ltd"
H: Received: from [61.145.234.62] by avnavfw.AVONDALE
H: via smtpd (for [205.66.99.30]) with SMTP; 16 Dec 2003 05:51:47 UT
H: Subject: Re.About our new product
H: Content-Type: text/html
H: Date: Tue, 16 Dec 2003 13:57:41 +0800
H: X-Priority: 3

[extract from HTML body]
B: Our company specializes in exporting electric & gas scooters, which
B: are most popular with our customers at home and abroad. Now we are
B: writing to offer you an opportunity to develop a mutual trade. If
B: you are interested in establishing business relations with us, please
B: let us know your requirements. Then we would like to forward catalogues
B: as well as detailed information to you, and offer the best price to
B: you. We assure you of our best attention to your any inquiries.
B: We anticipate your early response in respect.

B: Huaton E-scooter Co., Ltd.
B: Room.B-202,Building Si-Hai-Ming-Yuan
B: Burg Weiji,Zone Gongbei
B: City Zhuhai 519020
B: Province Kwangtung,China
B: Tel:86-756-821-6922
B: Fax:86-756-888-3037 ...

Spam support by:
The US Navy, Avondale Lousiana Shipyard, Frewall, a

San Antonio has NOT been compromised

[MyNameIsFred]

I hate to destroy part of a good story. But San Antonio is NOT, repeat NOT the spam relay. LANs on ships are NOT connected to the Internet. The military has its own non-public networks for ships. Furthermore, San Antonio has NOT been delivered to the Navy. It is still under construction. That's the good news. The bad news, is that a Navy site has been compromised. The headers give us some clues. avnavfw.pms317.navy.mil is a Navy address. PMS317 is the Navy program office responsible for building the San Antonio class of ships. Avondale Shipyard is where the ships are built.

Re:San Antonio has NOT been compromised

[RobertB-DC]

I hate to destroy part of a good story.

I think the proper terminology in this case would be, "I hate to torpedo part of a good story."

Then again... maybe not.

Re:San Antonio has NOT been compromised

[jmkaza]

LANs on ships are NOT connected to the Internet

I spent a year on ship, and sent/received email, surfed the web, and filed my maintainance reports and supply requests from the same pc. There was limits on what we could do, but we were definitely connected to the net.

Special.

[sparkie]

Naval ships have had internet access before this ship. As a Marine I've sent and received E-Mails from more than 1 or 2 ships in the fleet.

Re:Special.

[xyzzy]

Right, but the distinction here is that the Email does not generally come delivered directly from the *ship*, but from some stateside server, probably part of NMCI (the Navy Marine Corps Internet). There are N firewalls between here and there, if for no other reason than the bandwidth from ship to shore is INCREDIBLY small (like: 256kbit for the entire ship, secure, classified, public, you name it). It would make a LOUSY spam relay.

Re:Special.

[Teflonatron]

You were using NIPRNET, which is connected to the Internet at only a few (very controlled) locations in the world...

Any sensitve IP communications are handled over SIPRNET, which is never (or should never be) connected to NIPRNET.

At least .mil servers are good at relaying spam...

[jamonterrell]

...because they certainly aren't relaying webpages very good at the moment.

Someone want to post the article?

MAKE IT BIGGER 39586-184=50

[trentblase]

It's true, women prefer men with LARGE GOVERNMENTS. Communism can help you regrow hair, and in communist societies there's no reason to spam!

Man your inboxes...

[Hoi+Polloi]

You'd end up with 2000 Marines busy churning through hundreds of penis enlargement, bigger boobs, refinancing, debt-free, horny teens, etc ads. I expect they'd resent the penis enlargement ads the most.

Sure they wouldn't attack Nigeria though? After all, they'd want to collect on those millions they were promised by Mr Sebeko, cousin of the ex-Finance Minister.

Re:Man your inboxes...

[mpe]

You'd end up with 2000 Marines busy churning through hundreds of penis enlargement, bigger boobs, refinancing, debt-free, horny teens, etc ads. I expect they'd resent the penis enlargement ads the most.

Since there are spammers who spam about "anti-spam" tools does this mean arms dealers will be getting in on the act.
"To cut down on yore SPAM you can now buy everything from torpedos to nuklear kruise missiles at a *BARGIN* price..."

What was that grade again.....

[common+middle+name]

Didn't the DOD just get a grade of F
for network security?

As soon as..

[herrvinny]

As soon as I saw this on /.'s front page, I went "Oh dear God"... Anyone else think, when glancing at the headline, that spammers had purchased a retired boat, put it in international waters, and spammed away from it?

Then I RTFA'ed. Pretty sad that military servers are compromised by nothing other than some stupid spammers. Makes you think what Chinese or other rogue government sponsored hackers could do to our systems if we even went to war with them....

The next war, if we fight it with a non african or Middle Eastern country, is going to involve cyber assualts. Hope the Pentagon is going to firm up their defenses more, both electronically and physically. Maybe they can even get the services of Akamai; they're practically DDOS-proof.

Wasteful military spending

[Uninvited+Guest]

25,000 tons?! I'm sure I could build an unsolicated bulk email server that weighs less than 1 ton.
---Okay, so it wouldn't be amphibious.

Re:Amphi?

[Phaid]

LPD-17 class ships (Landing Platform, Dock) are not themselves amphibious, but transport amphibious craft such as LCACs (Landing Craft, Air Cushion) and other vehicles used in amphibious operations.

For more information on these ships, see .

I do not like it, Sam I Am...

[GeoGreg]

I do not like unsolicited Spam!

I do not like it from a boat

I do not like it from a goat

I don't need a huge torpedo

I don't need help with my libido

I do not like it from Chinese

I do not like it, stop it, please!

I do not like unsolicited Spam,

So please REMOVE ME Sam I Am!

Re:They have a sense of humor

[Ianoo]

ISS? Their sites are based on the space station now?! I had heard it was running the mythical WinNT4 SP6...

Re:They have a sense of humor

[daniel23]

according to netcraft www.news.navy.mil runs Microsoft-IIS/5.0 under FreeBSD.

Well, defense is their business, isn't it?

Re:Amphibious Spam Relay? Nor really

[ckaminski]

Better be careful... this is one access point that can fight back...