To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
I would put my money on "infected box" and not 'we're being hacked via blank email'.

But that's just me. Call me crazy.

On 3/25/07, Peter Dambier <[EMAIL PROTECTED]> wrote:
> I remember from old uucp days that empty emails are the result of
> buffer overflows.
>
> They tricked me to believe 216.154.231.123 was our primary mailer.
> So they tried to get in, between our primary and secondary. If that
> isn't a hack - what is?
>
> Kind regards
> Peter and Karin Dambier
>
>
> Adriel T. Desautels wrote:
> > Why would you even jump to such assumptions anyway? Since when does an empty
> > email mean that you are being hacked?
> >
> >
> > On 3/24/07 6:35 PM, "Peter Dambier" <[EMAIL PROTECTED]> wrote:
> >
> >>Sorry for the noise,
> >>
> >>this one is to blame, not the DoD
> >>
> >>
> >>Received: from unknown (HELO 216.154.231.123) (216.154.231.123)
> >>
> >>SBC Internet Services SBCIS-SIS80 (NET-216-154-224-0-1)
> >>    216.154.224.0 - 216.154.255.255
> >>TAD Online SBC216154231000020130 (NET-216-154-231-0-1)
> >>    216.154.231.0 - 216.154.231.127
> >>
> >>Seen more spam from that address.
> >>
> >>
> >>Kind regards
> >>Peter and Karin
> >>
> >>
> >>Peter Dambier wrote:
> >>
> >>>Hi all,
> >>>
> >>>I come from seeing three empty emails, sent via mx3.memor.net
> >>>
> >>>is DoD trying to hack the Cesidian Root?
> >>>
> >>>
> >>>Kind regards
> >>>Peter and Karin Dambier
> >>>
> >>>
> >>>-------- Original Message --------
> >>>From: - Sat Mar 24 12:56:28 2007
> >>>X-UIDL: hikwc3np6lj0umr5
> >>>X-Mozilla-Status: 0001
> >>>X-Mozilla-Status2: 00000000
> >>>Received: from [212.97.45.53] by mx3.memor.net
> >>>~ (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8
> >>>(1.8.8.9));
> >>>~ Sat, 24 Mar 2007 12:35:42 +0100
> >>>Received: from [216.154.231.123] by mx3.memor.net with SMTP (HELO
> >>>216.154.231.123)
> >>>~ (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8
> >>>(1.8.8.9));
> >>>~ Sat, 24 Mar 2007 12:35:41 +0100
> >>>Message-ID: <[EMAIL PROTECTED]>
> >>>Date: Sat, 24 Mar 2007 12:35:41 +0100
> >>>Reply-To: [EMAIL PROTECTED]
> >>>
> >>>Received: from 30.48.99.246 by ; Sat, 24 Mar 2007 16:36:17 +0400
> >>>Message-ID: <I[20
> >>>
> >>>OrgName: DoD Network Information Center
> >>>OrgID: DNIC
> >>>Address: 3990 E. Broad Street
> >>>City: Columbus
> >>>StateProv: OH
> >>>PostalCode: 43218
> >>>Country: US
> >>>
> >>>NetRange: 30.0.0.0 - 30.255.255.255
> >>>CIDR: 30.0.0.0/8
> >>>NetName: ARPAX25-TEMP
> >>>NetHandle: NET-30-0-0-0-1
> >>>Parent:
> >>>NetType: Direct Allocation
> >>>Comment: Defense Information Systems Agency
> >>>Comment: Washington, DC 20305-2000 US
> >>>RegDate:
> >>>Updated: 2002-10-07
> >>>
> >>>OrgTechHandle: MIL-HSTMST-ARIN
> >>>OrgTechName: Network DoD
> >>>OrgTechPhone: +1-800-365-3642
> >>>OrgTechEmail: [EMAIL PROTECTED]
> >>>
> >>>
> >>>-------- Original Message --------
> >>>From: - Sat Mar 24 16:48:47 2007
> >>>X-UIDL: clntq5knqshfcns5
> >>>X-Mozilla-Status: 0001
> >>>X-Mozilla-Status2: 00000000
> >>>Received: from [212.97.45.53] by mx3.memor.net
> >>>~ (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8
> >>>(1.8.8.9));
> >>>~ Sat, 24 Mar 2007 16:33:25 +0100
> >>>Received: from [216.154.231.123] by mx3.memor.net with SMTP (HELO
> >>>216.154.231.123)
> >>>~ (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8
> >>>(1.8.8.9));
> >>>~ Sat, 24 Mar 2007 16:33:25 +0100
> >>>Message-ID: <[EMAIL PROTECTED]>
> >>>Date: Sat, 24 Mar 2007 16:33:25 +0100
> >>>Reply-To: [EMAIL PROTECTED]
> >>>
> >>>Received: from 136.152.245.48 by ; Sat, 24 Mar 2007 22:29:00 +0600
> >>>Message-ID: <P[20
> >>>
> >>>OrgName: University of California at Berkeley
> >>>OrgID: UCAB-1
> >>>Address: IST Communication and Network Services
> >>>Address: ATTN Network Services Group
> >>>Address: 2484 Shattuck Ave, #1640
> >>>City: Berkeley
> >>>StateProv: CA
> >>>PostalCode: 94720-1640
> >>>Country: US
> >>>
> >>>NetRange: 136.152.0.0 - 136.152.255.255
> >>>CIDR: 136.152.0.0/16
> >>>NetName: UCB-TELECOM
> >>>NetHandle: NET-136-152-0-0-1
> >>>Parent: NET-136-0-0-0-0
> >>>NetType: Direct Assignment
> >>>NameServer: ADNS1.BERKELEY.EDU
> >>>NameServer: ADNS2.BERKELEY.EDU
> >>>NameServer: UCB-NS.NYU.EDU
> >>>Comment: DMCA Designated Agent is Jacqueline Craig
> >>><[EMAIL PROTECTED]>
> >>>RegDate: 1991-03-06
> >>>Updated: 2003-06-23
> >>>
> >>>RTechHandle: UCB-NOC-ARIN
> >>>RTechName: IST Communication and Network Services
> >>>RTechPhone: +1-510-643-3267
> >>>RTechEmail: [EMAIL PROTECTED]
> >>>
> >>>OrgTechHandle: UCB-NOC-ARIN
> >>>OrgTechName: IST Communication and Network Services
> >>>OrgTechPhone: +1-510-643-3267
> >>>OrgTechEmail: [EMAIL PROTECTED]
> >>>
> >>>
> >>>-------- Original Message --------
> >>>From: - Sat Mar 24 19:29:39 2007
> >>>X-UIDL: ptlmlsreb3nrw0ee
> >>>X-Mozilla-Status: 0001
> >>>X-Mozilla-Status2: 00000000
> >>>Received: from [212.97.45.53] by mx3.memor.net
> >>>~ (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8
> >>>(1.8.8.9));
> >>>~ Sat, 24 Mar 2007 19:10:52 +0100
> >>>Received: from [216.154.231.123] by mx3.memor.net with SMTP (HELO
> >>>216.154.231.123)
> >>>~ (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8
> >>>(1.8.8.9));
> >>>~ Sat, 24 Mar 2007 19:10:52 +0100
> >>>Message-ID: <[EMAIL PROTECTED]>
> >>>Date: Sat, 24 Mar 2007 19:10:52 +0100
> >>>Reply-To: [EMAIL PROTECTED]
> >>>
> >>>Received: from 140.17.144.151 by ; Sat, 24 Mar 2007 22:08:27 +0300
> >>>Message-ID: <M[20
> >>>
> >>>OrgName: DoD Network Information Center
> >>>OrgID: DNIC
> >>>Address: 3990 E. Broad Street
> >>>City: Columbus
> >>>StateProv: OH
> >>>PostalCode: 43218
> >>>Country: US
> >>>
> >>>NetRange: 140.17.0.0 - 140.17.255.255
> >>>CIDR: 140.17.0.0/16
> >>>NetName: SUM-LETT-6
> >>>NetHandle: NET-140-17-0-0-1
> >>>Parent: NET-140-0-0-0-0
> >>>NetType: Direct Assignment
> >>>Comment: Defense Information Systems Agency
> >>>Comment: Attn: Code DDEH/B611
> >>>Comment: Washington, DC 20305-2000 US
> >>>RegDate: 1990-04-08
> >>>Updated: 1991-07-18
> >>>
> >>>RTechHandle: AJC5-ARIN
> >>>RTechName: Tso, Ann J.
> >>>RTechPhone: +1-703-735-3131
> >>>RTechEmail: [EMAIL PROTECTED]
> >>>
> >>>OrgTechHandle: MIL-HSTMST-ARIN
> >>>OrgTechName: Network DoD
> >>>OrgTechPhone: +1-800-365-3642
> >>>OrgTechEmail: [EMAIL PROTECTED]
> >>>
> >>>
> >>>--
> >>>Peter and Karin Dambier
> >>>Cesidian Root - Radice Cesidiana
> >>>Rimbacher Strasse 16
> >>>D-69509 Moerlenbach-Bonsweiher
> >>>+49(6209)795-816 (Telekom)
> >>>+49(6252)750-308 (VoIP: sipgate.de)
> >>>mail: [EMAIL PROTECTED]
> >>>mail: [EMAIL PROTECTED]
> >>>http://iason.site.voila.fr/
> >>>https://sourceforge.net/projects/iason/
> >>>http://www.cesidianroot.com/
> >
>
> --
> Peter and Karin Dambier
> Cesidian Root - Radice Cesidiana
> Rimbacher Strasse 16
> D-69509 Moerlenbach-Bonsweiher
> +49(6209)795-816 (Telekom)
> +49(6252)750-308 (VoIP: sipgate.de)
> mail: [EMAIL PROTECTED]
> mail: [EMAIL PROTECTED]
> http://iason.site.voila.fr/
> https://sourceforge.net/projects/iason/
> http://www.cesidianroot.com/
>

--
--Joel Esler
ISC Incident Handler
http://www.incidents.org
_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
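
The header reading the thread converges on (the relay that actually connected, 216.154.231.123, and not the addresses named in the lower Received lines), as an added example that is not part of any poster's message. It assumes mx3.memor.net is the recipient's own mail server; `split_trust` and `parse_hop` are illustrative names, and the sample is assembled from header lines quoted above.

```python
import re
from email import message_from_string

# Header block assembled from the lines quoted in the thread ("~" quoting
# residue dropped, continuations re-folded). The last Received line is the
# one whose address was looked up in whois.
SAMPLE = """\
Received: from [212.97.45.53] by mx3.memor.net
 (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.8.9));
 Sat, 24 Mar 2007 12:35:42 +0100
Received: from [216.154.231.123] by mx3.memor.net with SMTP
 (HELO 216.154.231.123)
 (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.8.9));
 Sat, 24 Mar 2007 12:35:41 +0100
Date: Sat, 24 Mar 2007 12:35:41 +0100
Received: from 30.48.99.246 by ; Sat, 24 Mar 2007 16:36:17 +0400

"""

# "from <token> ... by <host>"; the by-host may be empty, as in the last line.
HOP_RE = re.compile(r"from\s+\[?(?P<src>[^\s\]]+)\]?.*?\bby\s+(?P<by>[^\s;]*)", re.S)

def parse_hop(value):
    m = HOP_RE.search(value)
    return (m.group("src"), m.group("by").lower()) if m else (None, "")

def split_trust(raw, trusted_mtas):
    """Split Received hops into those stamped by our own MTAs and the rest.

    Headers are prepended, so the list is read top-down and trust ends at the
    first hop not written by a trusted MTA; everything below it was supplied
    by the sending side and can say anything.
    """
    hops = [parse_hop(v) for v in message_from_string(raw).get_all("Received", [])]
    verified = []
    for src, by in hops:
        if by not in trusted_mtas:
            break
        verified.append((src, by))
    peer = verified[-1][0] if verified else None  # host that really connected
    return peer, verified, hops[len(verified):]

if __name__ == "__main__":
    # Assumption: mx3.memor.net is the recipient's own mail server.
    peer, verified, unverified = split_trust(SAMPLE, {"mx3.memor.net"})
    print("connecting peer:", peer)
    for src, by in unverified:
        print("unverified claim:", src, "by", repr(by))
```
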
