.
-Original Message-
From: Shawn Baltzer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 29. May 2001 11:27
To: '[EMAIL PROTECTED]'
Subject: RE: f**k USA government f**k poizonbox - reinstall
Sorry, but I had to do this...
$200 for suit to wear to the interview
$10 for gas to get to the interview
Hi, am I getting trouble with this log?
0 in use, 128 remain, 0 most used
UDP out 198.41.0.4:12626 in 192.168.1.2:53 idle 0:01:30 flags -
UDP out 192.33.4.12:6614 in 192.168.1.2:53 idle 0:01:00 flags -
UDP out 4.2.49.4:6809 in 192.168.1.2:53 idle 0:00:30 flags -
UDP out 198.41.0.4:350
This is a firewalls list, not a venting boo-hoo i can't find a job
list.
This is a firewalls list. Please think (at least) twice before
feeding an off-topic thread.
Goto monster.com, there are thousands of jobs in this industry.
If you choose to post advice, it should be useful. I
to
re-install their mess WITH patches).
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Young, Beth A.
Sent: Friday, May 25, 2001 13:58
To: [EMAIL PROTECTED]
Subject: RE: f**k USA government f**k poizonbox
From personal experience here:
We had
I think the computer indestry is over rated i have now been out of school for
2 months and have been suffering looking for a job and struggling trying to
make some money to pay the few bills i have. so fuck the computer indestry
and the us gov.
-
[To unsubscribe, send mail to [EMAIL
government f**k poizonbox - reinstall
I think the computer indestry is over rated i have now been out of school
for
2 months and have been suffering looking for a job and struggling trying to
make some money to pay the few bills i have. so fuck the computer indestry
and the us gov
Title: RE: f**k USA government f**k poizonbox - reinstall
Sorry, but I had to do this...
$200 for suit to wear to the interview
$10 for gas to get to the interview
Blaming everyone else for your own stupidity ... Priceless
I am guessing he may have misspelled something on his resume
Title: RE: f**k USA government f**k poizonbox - reinstall
I am
struggling against curiosityto ask which school he just got out
of.
-Original Message-From: Shawn Baltzer
[mailto:[EMAIL PROTECTED]]Sent: Tuesday, May 29, 2001 2:27
PMTo: '[EMAIL PROTECTED]'Subject: RE: f**k
Title: [OT] RE: f**k USA government f**k poizonbox - reinstall
hallo jim, shawn, john, etc.
1. this is so far off-topic that i am pretty sure there is no topic
2. enough of the spelling jokes already; not everyone is american or speaks english as a first language so you should not assume
, 2001 2:27 PM
To: '[EMAIL PROTECTED]'
Subject: RE: f**k USA government f**k poizonbox - reinstall
Sorry, but I had to do this...
$200 for suit to wear to the interview
$10 for gas to get to the interview
Blaming everyone else for your own stupidity ... Priceless
I am guessing
is struggling to find work
4. your follow-up spams were a lot worse than his original spam
-s.
-Original Message-
From: Shawn Baltzer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 29. May 2001 11:27
To: '[EMAIL PROTECTED]'
Subject: RE: f**k USA government f**k poizonbox - reinstall
Title: [OT] RE: f**k USA government f**k poizonbox - reinstall
Actually, I wasn't really concerned with his spelling,
grammar, or insinuations;
nor am
I glad to hear on a firewall list that the 'dot.com' industry is failing.
I was
curious, however, at what level of formal education he had
Title: RE: [OT] RE: f**k USA government f**k poizonbox - reinstall
hallo john, chris, etc.
touche
before anyone else replies publicly to this -- i have no idea why i attempted to defend someone from aol -- as for the MX being mail transport; you are probably right .. that is entirely
On Tue, 29 May 2001, Ron DuFresne wrote:
Are you certain the mx in imo-r03.mx.aol.com designates mexico? The ip
translation is 152.163.225.99, and the netblock rests at:
mx stands for Mail eXchange, as in a MX dns record.
This is a firewalls list, not a venting boo-hoo i can't find a job
hi ya alim
On Sat, 26 May 2001 [EMAIL PROTECTED] wrote:
Can you recommend any softwares like tripwire who can protect the integrity
of web pages?
- that'd depend on how the webpages are created ..
- you need to protect your server, filesystem ...
- protect the program that generate
took the words right outta
Thanks,
Ron DuFresne
On Fri, 25 May 2001, Jose Nazario wrote:
On Fri, 25 May 2001, Eric Robinson wrote:
Members of this list who suggest that you should reformat and
reinstall after a hacking inicdent are only partially correct.
Starting with a clean
:39 AM
To: Eric Robinson
Cc: [EMAIL PROTECTED]
Subject: RE: f**k USA government f**k poizonbox
On Fri, 25 May 2001, Eric Robinson wrote:
Members of this list who suggest that you should reformat and
reinstall after a hacking inicdent are only partially correct.
Starting with a clean
At 04:56 AM 5/26/01 +, you wrote:
running tripwire and other ids are good and bad...
- - bad because its too late...they got in
- - bad to use tripwire..because youdont have the original
version ... tripwire tells you the binary been tampered
Tripwire is not a panacea. Its primary
PROTECTED]
Subject: RE: f**k USA government f**k poizonbox
From personal experience here:
We had about 25 machine around the state defaced. 2 of those machines had
backdoor programs installed. All the defacements looked the same so don't
assume anything.
Beth
-Original Message-
From
I had the same thign happen to me. Is there a way to find which server this
is sitting on? I did a scan w/ SOPHOS's latest IDE file, but it couldn't
locate it.
Sincerely yours,
Nontakorn Roongphornchai (Jo+)
Thaifin.com
Tel: 679-5616, 679-5020 x 108
- Original Message -
From: [EMAIL
Meaning.scratch from the OS onwards?
SorryI was badly hit by this thing and need a solution..thanks,
group!!
Sincerely yours,
Nontakorn Roongphornchai (Jo+)
Thaifin.com
Tel: 679-5616, 679-5020 x 108
- Original Message -
From: Ng, Kenneth (US) [EMAIL PROTECTED]
To: 'Ron
PROTECTED]]On Behalf Of Nontakorn
Sent: Friday, May 25, 2001 4:16 AM
To: Ng, Kenneth (US); 'Ron DuFresne'; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: f**k USA government f**k poizonbox
Meaning.scratch from the OS onwards?
SorryI was badly hit by this thing and need
On Fri, 25 May 2001, Eric Robinson wrote:
Members of this list who suggest that you should reformat and
reinstall after a hacking inicdent are only partially correct.
Starting with a clean slate is the only way to be sure you have
eliminated your problem if you don't already know the exact
PROTECTED]
Subject: RE: f**k USA government f**k poizonbox
On Fri, 25 May 2001, Eric Robinson wrote:
Members of this list who suggest that you should reformat and
reinstall after a hacking inicdent are only partially correct.
Starting with a clean slate is the only way to be sure you have
eliminated
Robinson [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 25, 2001 9:24 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: f**k USA government f**k poizonbox
Do not--repeat, DO NOT reformat your hard drive and reinstall your OS. Some
users of this list have suggested this course primarily bacuse
, 2001 9:39 AM
To: Eric Robinson
Cc: [EMAIL PROTECTED]
Subject: RE: f**k USA government f**k poizonbox
On Fri, 25 May 2001, Eric Robinson wrote:
Members of this list who suggest that you should reformat and
reinstall after a hacking inicdent are only partially correct.
Starting with a clean
: Elizabeth Zwicky [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 25, 2001 10:05 AM
To: 'Eric Robinson'; Jose Nazario
Cc: [EMAIL PROTECTED]
Subject: RE: f**k USA government f**k poizonbox
There comes a point at which you have to ask yourself, Was I
just one of
several thousand identical victims
I have to agree here. If the system is hacked, find out all you can
about what they did, then reinstall. Either from scrach, or from a
known good backup. It is the only way to be sure. Not taking these
steps is only asking for trouble.
Joseph
On Fri, 25 May 2001, Jose Nazario wrote:
-On Fri,
, May 25, 2001 12:09 PM
To: Elizabeth Zwicky; Jose Nazario
Cc: [EMAIL PROTECTED]
Subject: RE: f**k USA government f**k poizonbox
Have you checked around to see what analysts in various places have said
about the true nature of the attack? Have there been reports of different
versions of the attack
: Friday, May 25, 2001 1:43 PM
To: Jose Nazario
Cc: Eric Robinson; [EMAIL PROTECTED]
Subject: RE: f**k USA government f**k poizonbox
I have to agree here. If the system is hacked, find out all you can
about what they did, then reinstall. Either from scrach, or from a
known good backup
Eric Robinson wrote:
Have you checked around to see what analysts in various places have said
about the true nature of the attack? Have there been reports of different
versions of the attack that do more than I stated?
CERT's advisory on sadmin/IIS makes mention of unconfirmed variants.
--
: Friday, May 25, 2001 12:09 PM
To: Elizabeth Zwicky; Jose Nazario
Cc: [EMAIL PROTECTED]
Subject: RE: f**k USA government f**k poizonbox
Have you checked around to see what analysts in various places have said
about the true nature of the attack? Have there been reports of different
versions
On Fri, May 25, 2001 at 09:24:00AM -0700, Eric Robinson wrote:
Members of this list who suggest that you should reformat and reinstall
after a hacking inicdent are only partially correct. Starting with a clean
slate is the only way to be sure you have eliminated your problem if you
don't
On Fri, May 25, 2001 at 01:19:45PM -0700, Eric Robinson wrote:
So I stand at least partially corrected. I should not have advised Nontakorn
Roongphornchai to eschew reformatting his hard drive without qualifying
myself thusly: If you think your server may have suffered effects beyond the
the client
on whatever would have qualified as a good move.
--Eric
-Original Message-
From: Devin L. Ganger [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 25, 2001 1:41 PM
To: Eric Robinson
Cc: [EMAIL PROTECTED]
Subject: Re: f**k USA government f**k poizonbox
On Fri, May 25, 2001 at 09:24:00AM
On Fri, May 25, 2001 at 02:13:14PM -0700, Eric Robinson wrote:
In an ideal world, I suppose we would have time to conduct an exhaustive
forensic analysis of each of the 9000+ effected systems.
Nope. That's where the risk analysis comes in.
How much risk will I be at, versus the amount of
. Ganger [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 25, 2001 1:41 PM
To: Eric Robinson
Cc: [EMAIL PROTECTED]
Subject: Re: f**k USA government f**k poizonbox
On Fri, May 25, 2001 at 09:24:00AM -0700, Eric Robinson wrote:
Members of this list who suggest that you should reformat and reinstall
???
-Original Message-
From: Joseph Spainhour [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 25, 2001 1:43 PM
To: Jose Nazario
Cc: Eric Robinson; [EMAIL PROTECTED]
Subject: RE: f**k USA government f**k poizonbox
I have to agree here. If the system is hacked, find out all you can
about
]
Subject: Re: f**k USA government f**k poizonbox
On Fri, May 25, 2001 at 09:24:00AM -0700, Eric Robinson wrote:
Members of this list who suggest that you should reformat and reinstall
after a hacking inicdent are only partially correct. Starting with a clean
slate is the only way to be sure
On Fri, 25 May 2001, Devin L. Ganger wrote:
On Fri, May 25, 2001 at 02:13:14PM -0700, Eric Robinson wrote:
In an ideal world, I suppose we would have time to conduct an exhaustive
forensic analysis of each of the 9000+ effected systems.
Nope. That's where the risk analysis comes
To: Devin L. Ganger
Cc: [EMAIL PROTECTED]
Subject: RE: f**k USA government f**k poizonbox
Just out of curiosity, does anyone have a story to tell about a
server that
(1) got hit by the fuck USA attack, (2) was subsequently
patched with the
latest security updates, and (3) continued
This specific exploit utilises the canonicalization error in IIS 4.0 and 5.0
as specified by MS here -
http://www.microsoft.com/technet/security/bulletin/MS00-078.asp
Hope that helps.
Ad.
-snip-
a simplre re-install from scratch or backup is WORTHLESS
Devin L. Ganger wrote:
On Fri, May 25, 2001 at 02:13:14PM -0700, Eric Robinson wrote:
In an ideal world, I suppose we would have time to conduct an exhaustive
forensic analysis of each of the 9000+ effected systems.
Nope. That's where the risk analysis comes in.
How much risk will I
Any network person whose systems were compromised in
the last round of these attacks IS lucky!! Lucky they
have jobs at all, the security patches for this
vuneribilty had been out forever - tisk -tisk to
anyone irresponsible enough to overlook the obvious.
Also, if your system was compromised
:[EMAIL PROTECTED]]
Sent: Friday, May 25, 2001 1:43 PM
To: Jose Nazario
Cc: Eric Robinson; [EMAIL PROTECTED]
Subject: RE: f**k USA government f**k poizonbox
I have to agree here. If the system is hacked, find out all you can
about what they did, then reinstall. Either from scrach, or from
hi ya
i think that if you leave the attackd box alone..
you have an easier time catching the attacker...
- assuming that is the goal... as it would be
for some of our customers ... catch um red handed..
if you do rebuild the server...and do it from
backup and/or cdrom... you
On Fri, May 25, 2001 at 03:40:49PM -0700, Alvin Oga wrote:
me
No analysis, rebuild system: low risk, moderate labor.
extreme high rish100% guraranteed that they will get back in
since you did NOT patch the system the first time... doing the
same thing is 100% guranteed they will get
hi Devin..
okay...yes...sorry...didn't mean it that way... but
yes.. we all assume they would apply all known patches
to date
and we're also assuming that the backup does NOT have any
binaries that would un-install/overwrite the good/new patched binaries ???
- backups should only
hi ya...
wasnt this a MS bug/attack... and if so...
why are you looking at your linux logss???
or are these the logs of your firewall ??? which shoulda kept
track of iincoming traffic to that MS server
and if you were doing some poking around...
- logs can be erased and covered up.
-BEGIN PGP SIGNED MESSAGE-
At 10:02 AM 5/25/01 -0700, Eric Robinson wrote:
To prove my point, I just hacked www.cwru.edu and installed a really
nasty exe-redirected, polymorphic ACK-tunnel-style Trojan running
invisibly with
This was a silly, unprofessional thing to post to the list
Alvin Oga wrote:
i think that if you leave the attackd box alone..
you have an easier time catching the attacker...
- assuming that is the goal... as it would be
for some of our customers ... catch um red handed..
This particular attack is a worm.
The hosts of the worm
hi chris
yes... i concur... with most all of your comments too ...cool...
This particular attack is a worm.
The hosts of the worm probably dont even know their affected.
and now we're at stage1 of a security breach...
who can predict what gonna happen next... just depends
running
* Eric Robinson sez:
: The hack uses an eight-month old exploit that allows an attacker to submit
... that could have been used differently. What about a +c
ftp://my.trojan.com?
: URLs to an IIS server containing double-byte (Unicode) characters. By
: substituting the string %0c%0a (not sure
* Eric Robinson sez:
: - Do you look under you car, under its hood, under its seats and in its
: trunk before getting into it each time?
I lived for a while in a war zone. I did do the above - and more. This
is the internet, remember. That's the small virtual community in which
you can do shit
54 matches
Mail list logo