abuse case management

2003-08-01 Thread Mikael Abrahamsson
Is there an abuse case management system as freeware somewhere, something like all the ticket/case handling packages out there, but more specifically aimed at abuse/complaint handling. I googled some but couldn't find any. My idea is that it should provide functions to do the following flow:

Re: abuse case management

2003-08-01 Thread Anne P. Mitchell, Esq.
Mikael, Is there an abuse case management system as freeware somewhere, something like all the ticket/case handling packages out there, but more specifically aimed at abuse/complaint handling. Not Freeware, but I know that the folks at Word to the Wise have developed something to do

Re: abuse case management

2003-08-01 Thread Will Yardley
On Fri, Aug 01, 2003 at 11:08:18AM +0200, Mikael Abrahamsson wrote: Is there an abuse case management system as freeware somewhere, something like all the ticket/case handling packages out there, but more specifically aimed at abuse/complaint handling. I googled some but couldn't find any.

Re: WANTED: ISPs with DDoS defense solutions

2003-08-01 Thread Michael . Dillon
However, I would like to see Java or Other Language to run on the routers, (I know you can install and play Quake on one vendor's boxes) but I mean to do things really belonging to the router but so far I have yet to see a vendor to take programmable boxen (outside their own development)

RE: WANTED: ISPs with DDoS defense solutions

2003-08-01 Thread Tomas Daniska
However, I would like to see Java or Other Language to run on the routers, (I know you can install and play Quake on one vendor's boxes) but I mean to do things really belonging to the router but so far I have yet to see a vendor to take programmable boxen (outside their own

Re: The internet is slow

2003-08-01 Thread Jack Bates
[EMAIL PROTECTED] wrote: Rebooting the Internet once a month might prevent future problems. Power off, count to ten, then restart...Proactive Management!? Not a problem. At what time shall we reboot it? I was thinking late at night. -Jack

RE: abuse case management

2003-08-01 Thread William Devine, II
I started using OTRS (Open Ticket Request System) a month or so ago and LOVE IT. You can setup pre-canned response templates and have multiple users login and maintain various queues. It's open source and works VERY well. http://www.otrs.org/ william -Original Message- From: [EMAIL

Re: WANTED: ISPs with DDoS defense solutions

2003-08-01 Thread Jack Bates
McBurnett, Jim wrote: if *all* dsl and cablemodem plants firewalled inbound SYN packets and/or only permitted inbound UDP in direct response to prior valid outbound UDP, would rob really have seen a ~140Khost botnet this year? In a sense, I would agree with you. The best method for what you

Re: WANTED: ISPs with DDoS defense solutions

2003-08-01 Thread Jack Bates
Vadim Antonov wrote: On Thu, 31 Jul 2003, Petri Helenius wrote: What we need is a new programming paradigm, capable of actually producing secure (and, yes, reliable) software. C and its progeny (and program now, test never lifestyle) must go. I'm afraid it'll take laws which would actually

Re: North America not interested in IP V6

2003-08-01 Thread Jack Bates
Ben Buxton wrote: In europe, when any consumer gets a net connection it's sold as a pipe to do anything you want with (as long as it abides by laws and netiquette. It seems that this silly restrictive mentality will remain even with ipv6... In the US, the pipe is limited in any number of ways in

RE: North America not interested in IP V6

2003-08-01 Thread sthaug
In europe, when any consumer gets a net connection it's sold as a pipe to do anything you want with (as long as it abides by laws and netiquette. That is certainly not the case everywhere in Europe. In Norway, there are several operators that have limitations on your use of xDSL, for

The Cidr Report

2003-08-01 Thread cidr-report
This report has been generated at Fri Aug 1 21:47:29 2003 AEST. The report analyses the BGP Routing Table of an AS4637 (Reach) router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org/as4637 for a current version of this report. Recent Table

RE: North America not interested in IP V6

2003-08-01 Thread McBurnett, Jim
Jack Bates Wrote: In the US, the pipe is limited in any number of ways in attempts to limit how many people share their broadband with their neighbor at a reduced rate. Another issue is that handing out IP addresses to the home at this point is foolish. User's, in general, can't protect

Re: North America not interested in IP V6

2003-08-01 Thread Michael . Dillon
I have been plotting the IPv6 ASNs for some time. These should be the ISPs running IPv6. See: http://www.nlnetlabs.nl/ipv6/measurements/index.html It would be interesting to see an analysis that combines this data with Geoff Huston's IPv4 analysis

Just a quick thought...

2003-08-01 Thread Jerry Eyers
I haven't had time to look, but just for my clarification, why was IPv8 not pursued further. I remember there was a discussion on IPv6 vs IPv8 and the argument to go directly to IPv8 instead, but I had to drop out from following the discussions since. Anyone remember the outcome? It seems

RE: Just a quick thought...

2003-08-01 Thread Lars Higham
Better gas mileage? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jerry Eyers Sent: Friday, August 01, 2003 7:49 PM To: [EMAIL PROTECTED] Subject: Just a quick thought... I haven't had time to look, but just for my clarification, why was IPv8 not

Re: Just a quick thought...

2003-08-01 Thread bmanning
intellectual property issues? the IETF could not get change control on V8? :) I haven't had time to look, but just for my clarification, why was IPv8 not pursued further. I remember there was a discussion on IPv6 vs IPv8 and the argument to go directly to IPv8 instead, but I had to

Re: North America not interested in IP V6

2003-08-01 Thread Marshall Eubanks
On Fri, 1 Aug 2003 14:32:39 +0100 [EMAIL PROTECTED] wrote: I have been plotting the IPv6 ASNs for some time. These should be the ISPs running IPv6. See: http://www.nlnetlabs.nl/ipv6/measurements/index.html It would be interesting to see an analysis that combines this data with Geoff

RE: Just a quick thought...

2003-08-01 Thread Jeroen Massar
[EMAIL PROTECTED] wrote: intellectual property issues? the IETF could not get change control on V8? :) Vrm grin But ford has a /8 in IPv4 so they surely would like it if the protocol carried their name too :) I haven't had time to look, but just for my clarification, why

Re: WANTED: ISPs with DDoS defense solutions

2003-08-01 Thread Christopher L. Morrow
On Thu, 31 Jul 2003, Dave Israel wrote: Personally, it'll be a long time before I'm convinced that I want my routers running Java. (Like how I brought that almost back on topic in the end, there?) or your ATM switch running windowsNT ? Wait, that already happened, damn!

Re: maybe this should be on sec focus but.

2003-08-01 Thread Damian Gerow
Thus spake Drew Weaver ([EMAIL PROTECTED]) [01/08/03 14:25]: I have had like 4 users call and tell me that they're receiving email from [EMAIL PROTECTED] with an unidentified attachment, possibly a worm that exploits the new Microsoft vulnerability last week, all 4 of these people

maybe this should be on sec focus but.

2003-08-01 Thread Drew Weaver
I have had like 4 users call and tell me that they're receiving email from [EMAIL PROTECTED] with an unidentified attachment, possibly a worm that exploits the new Microsoft vulnerability last week, all 4 of these people reported that their updated this morning antivirus software missed

Re: maybe this should be on sec focus but.

2003-08-01 Thread Scott Granados
I've captured this guy here actually directed at me. thank goodness for pine:) It appears to attach itself as message.zip not sure if it attaches using other names. On Fri, 1 Aug 2003, Drew Weaver wrote: I have had like 4 users call and tell me that they're receiving email

Re: maybe this should be on sec focus but.

2003-08-01 Thread Forrest Houston
That's funny, I had at least one person here receive a similar email which was forwarded on to me. I ran it through McAfee (4.5.1 engine, 4.0.4280 DAT) and it picked it right up (Trojan Name: Exploit-Code Base http://us.mcafee.com/virusInfo/default.asp?id=descriptionvirus_k=99383). Potentially

Re: maybe this should be on sec focus but.

2003-08-01 Thread Mike Tancsa
Sounds like mimail. See http://vil.nai.com/vil/content/v_100523.htm ---Mike At 02:45 PM 01/08/2003 -0400, Drew Weaver wrote: I have had like 4 users call and tell me that they're receiving email from [EMAIL PROTECTED] with an unidentified attachment, possibly a worm that

Blocking port 135?

2003-08-01 Thread Adi Linden
http://www.cert.org/advisories/CA-2003-19.html Would blocking port 135 at the network edge be a prudent preventative measure?

RE: maybe this should be on sec focus but.

2003-08-01 Thread Bob German
http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED] html Bob German, CISSP, CCNA, MCSE Sr Systems Engineer Irides, LLC -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Granados Sent: Friday, August 01, 2003 2:29 PM To:

Re: maybe this should be on sec focus but.

2003-08-01 Thread Patrick_McAllister
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.A Forrest Houston

Re: maybe this should be on sec focus but.

2003-08-01 Thread Joe Boyce
Friday, August 1, 2003, 11:45:25 AM, you wrote: DW I have had like 4 users call and tell me that they're receiving DW email from [EMAIL PROTECTED] with an unidentified attachment, possibly a DW worm that exploits the new Microsoft vulnerability last week, all 4 of these DW people

RE: maybe this should be on sec focus but.

2003-08-01 Thread Drew Weaver
I do apologize for my outdated clue. ;-) -Drew -Original Message- From: Mike Tancsa [mailto:[EMAIL PROTECTED] Sent: Friday, August 01, 2003 2:34 PM To: Drew Weaver; [EMAIL PROTECTED] Subject: Re: maybe this should be on sec focus but. Sounds like mimail. See

Re: maybe this should be on sec focus but.

2003-08-01 Thread Gregory Hicks
It seems to come with a message attachment of message.zip. The body of the message goes something like this: - From: Admin Sent: Friday, August 01, 2003 11:25 AM To: user-ID Subject: your account some-random-string Importance: High Hello there, I

Re: Blocking port 135?

2003-08-01 Thread Sean Donelan
On Fri, 1 Aug 2003, Adi Linden wrote: http://www.cert.org/advisories/CA-2003-19.html Would blocking port 135 at the network edge be a prudent preventative measure? It depends. Do you have a network edge? Do you have the resources to block it? Do you need it for anything else? Have

RE: Blocking port 135?

2003-08-01 Thread Bob German
Absolutely. All of the NetBIOS ports: 135, 137, 138, 139, 445. Bob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adi Linden Sent: Friday, August 01, 2003 2:37 PM To: [EMAIL PROTECTED] Subject: Blocking port 135?

Re: Blocking port 135?

2003-08-01 Thread Jared Mauch
On Fri, Aug 01, 2003 at 01:37:21PM -0500, Adi Linden wrote: http://www.cert.org/advisories/CA-2003-19.html Would blocking port 135 at the network edge be a prudent preventative measure? I've blocked these ports on my home network for some time, just for insurance reasons to make

Re: Blocking port 135?

2003-08-01 Thread Stephen Sprunk
Thus spake Adi Linden [EMAIL PROTECTED] http://www.cert.org/advisories/CA-2003-19.html Would blocking port 135 at the network edge be a prudent preventative measure? If you see your job as protecting users from their own ignorance, blocking 135-139 both tcp and udp has been prudent for

RE: Blocking port 135?

2003-08-01 Thread Adi Linden
Absolutely. All of the NetBIOS ports: 135, 137, 138, 139, 445. Ports 137, 138, 139, 445 have been blocked for a long time. But port 135 wasn't until today... Thanks! Adi

Re: Blocking port 135?

2003-08-01 Thread Christopher L. Morrow
On Fri, 1 Aug 2003, Sean Donelan wrote: In reality blocking port 135 is almost never sufficient. It's slightly better than waving a dead chicken over your PC. it's far less stinky than the chicken option though, you must admit that.

Re: Blocking port 135?

2003-08-01 Thread Bruce Pinsky
Bob German wrote: Absolutely. All of the NetBIOS ports: 135, 137, 138, 139, 445. And filtering 445 in the outbound direction to prevent attacks from the inside out is probably prudent as well. = bep

Re: Blocking port 135?

2003-08-01 Thread bmanning
On Fri, 1 Aug 2003, Sean Donelan wrote: In reality blocking port 135 is almost never sufficient. It's slightly better than waving a dead chicken over your PC. it's far less stinky than the chicken option though, you must admit that. only if you thaw before use...

RE: Blocking port 135?

2003-08-01 Thread Jason Robertson
I also would recommend blocking these outbound, if they are not. Especially 137, it's so useful in finding Windows machines on other networks. On 1 Aug 2003 at 14:09, Adi Linden wrote: Date sent: Fri, 1 Aug 2003 14:09:52 -0500 (CDT) From: Adi Linden [EMAIL

Re: Blocking port 135?

2003-08-01 Thread Richard Irving
So, you don't like the smell of fried chicken ? We keep an old overclocked 486-33, with a quadrupler around, making it run at about 100mhz.. for just this purpose... Complete the Chicken ritual, at Midnight, of course. Unprotect port 25, let alt.freak know... Route all mail to

Re: Blocking port 135?

2003-08-01 Thread Crist Clark
Bob German wrote: Absolutely. All of the NetBIOS ports: 135, 137, 138, 139, 445. Although the public exploits floating around (at the moment) attack 135/tcp, 135/udp is also vulnerable... And for this crowd, I should point out that blocking 135/udp blocks DCE-RPC which is used rather

Microsoft.com attack?

2003-08-01 Thread Jason Frisvold
Anyone aware of an attack on www.microsoft.com? I had a customer machine that was attacking it, looks like either a bug in Microsoft's SP4 (coincidentally this started the day after this was installed) or there's some new(?) worm of some sort causing this ?? Thanks! --

Re: Microsoft.com attack?

2003-08-01 Thread Adam Maloney
Yeah, seeing the same here - it's been flaky for us for the last 30 minutes while we've been trying it. I wonder if it's related to this messages.zip / admin@ thing that's all over the place today. I was just thinking the other day, wouldn't it be funny if there was a worm that had infected

RE: Microsoft.com attack?

2003-08-01 Thread Dennis Wong
defcon? -Original Message- From: Adam Maloney [mailto:[EMAIL PROTECTED] Sent: Friday, August 01, 2003 2:05 PM To: Jason Frisvold Cc: [EMAIL PROTECTED] Subject: Re: Microsoft.com attack? Yeah, seeing the same here - it's been flaky for us for the last 30 minutes while we've been trying

Re: Microsoft.com attack?

2003-08-01 Thread Dan Armstrong
I wouldn't put it past Microsoft to make a patch so poorly written, it would actually cause all patched machines to attack the mothership. :-) Adam Maloney wrote: Yeah, seeing the same here - it's been flaky for us for the last 30 minutes while we've been trying it. I wonder if it's

Re: North America not interested in IP V6

2003-08-01 Thread Scott Francis
On Fri, Aug 01, 2003 at 08:21:52AM -0400, [EMAIL PROTECTED] said: Jack Bates Wrote: In the US, the pipe is limited in any number of ways in attempts to limit how many people share their broadband with their neighbor at a reduced rate. Another issue is that handing out IP addresses to

The irony.. (Re: Blocking port 135?)

2003-08-01 Thread Len Rose
Who would have thought ten years ago that Microsoft and its poorly written software would have been responsible for the advent of protocol filtering throughout the net. To those who want to filter everything, please make sure you state those policies all over your company web site so people

Re: North America not interested in IP V6

2003-08-01 Thread William Warren
Is there a way to block html mail at the edge using a proxy or something? Scott Francis wrote: On Fri, Aug 01, 2003 at 08:21:52AM -0400, [EMAIL PROTECTED] said: Jack Bates Wrote: In the US, the pipe is limited in any number of ways in attempts to limit how many people share their

Re: North America not interested in IP V6

2003-08-01 Thread E.B. Dreger
DGA Date: Thu, 31 Jul 2003 13:10:20 -0400 DGA From: David G. Andersen DGA a) DHCP'ing everyone is just easier. Assign unchanging IP address based on MAC address. Done/done. Eddy -- Brotsman Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network

Re: WANTED: ISPs with DDoS defense solutions

2003-08-01 Thread Vadim Antonov
On Fri, 1 Aug 2003, Jack Bates wrote: There is nothing in C which guarantees that code will be unreliable or insecure. Lack of real strong typing, built-in var-size strings (so the compiler can actually optimize string ops) and uncontrollable pointer operations is enough to guarantee that

Re: WANTED: ISPs with DDoS defense solutions

2003-08-01 Thread E.B. Dreger
CLM Date: Wed, 30 Jul 2003 22:37:21 + (GMT) CLM From: Christopher L. Morrow CLM The problem isn't the network, nor the filtering / CLM lack-of-filtering, it's a basic end host security problem. Beyond basic filtering, it's a whack-a-mole to deal with rogue systems. Until the pain of having

Re: WANTED: ISPs with DDoS defense solutions

2003-08-01 Thread E.B. Dreger
PH Date: Thu, 31 Jul 2003 21:09:34 +0300 PH From: Petri Helenius PH However, since improvements are always welcome, please PH recommend tools which would allow us to progress above and PH beyond C and its deficiencies. I'll pick on you for a bit, although this applies to all too many technical

Re: WANTED: ISPs with DDoS defense solutions

2003-08-01 Thread Jack Bates
Vadim Antonov wrote: Lack of real strong typing, built-in var-size strings (so the compiler can actually optimize string ops) and uncontrollable pointer operations is enough to guarantee that any complicated program will have buffer-overflow vulnerabilities. Typing can be enforced if the

Re: Blocking port 135?

2003-08-01 Thread Sean Donelan
On Fri, 1 Aug 2003, Christopher L. Morrow wrote: On Fri, 1 Aug 2003, Sean Donelan wrote: In reality blocking port 135 is almost never sufficient. It's slightly better than waving a dead chicken over your PC. it's far less stinky than the chicken option though, you must admit that. yep. If

Re: Blocking port 135?

2003-08-01 Thread Jack Bates
Sean Donelan wrote: free/cheap software firewalls that are easy and effective to use. And breaks all kinds of nifty things which ISP has to pay for via helpdesk support. -Jack

Re: WANTED: ISPs with DDoS defense solutions

2003-08-01 Thread Christopher L. Morrow
On Sat, 2 Aug 2003, E.B. Dreger wrote: CLM Date: Wed, 30 Jul 2003 22:37:21 + (GMT) CLM From: Christopher L. Morrow CLM The problem isn't the network, nor the filtering / CLM lack-of-filtering, it's a basic end host security problem. Beyond basic filtering, it's a whack-a-mole to

Re: Blocking port 135?

2003-08-01 Thread Christopher L. Morrow
On Fri, 1 Aug 2003, Jack Bates wrote: Sean Donelan wrote: free/cheap software firewalls that are easy and effective to use. And breaks all kinds of nifty things which ISP has to pay for via helpdesk support. as opposed to core level filtering which somehow doesn't break things?

RE: Microsoft.com attack?

2003-08-01 Thread Jason Frisvold
On Fri, 2003-08-01 at 22:16, Matt Ploessel wrote: http://www.microsoft.com/homepage/features/2003/denialofservice.htm Cool... thanks for the info... Hopefully I'll be able to gather any information I can from our infected machine here and forward it on to the proper authorities... Anyone got

RE: Blocking port 135?

2003-08-01 Thread Drew Weaver
I'm pretty sure the Shavlik products require the RPC ports for people to use HFNETCHK LE and stuff like that, and a lot of our co-lo customers use that to keep their win boxes up to date, which I think is great because that's one less abuse email I have to reply to ;-) -Drew -Original

RE: Blocking port 135?

2003-08-01 Thread Chris Johnston
IMHO, If it's for my own network, yes. Block it. If you are ISP'ing for it, you shouldn't need netbios related stuff on your own servers and they should be protected anyway. However, it should be passed along to your customers in case they are foolish enough to have to expose MS related