Hi! This is the ezmlm program. I'm managing the [email protected] mailing list.
I'm working for my owner, who can be reached at [EMAIL PROTECTED] Acknowledgment: I have added the address [email protected] to the focus-ids mailing list. Welcome to [EMAIL PROTECTED] Please save this message so that you know the address you are subscribed under, in case you later want to unsubscribe or change your subscription address. To unsubscribe, send a message to: <[EMAIL PROTECTED]> What is this list about? The FOCUS-IDS list exists to allow people to discuss detection of intrusions. This includes both discovering invisible hacker activity (such as "stealth scans") as well as finding systems that have been compromised. The FOCUS-IDS mailing list is a lightly moderated mailing list. Moderation is in place to control spam, flames, off-topic discussion, and to kill tired threads. There are a wide range of tools that people can use in order to detect intrusions. Discussion on the list will focus on how these tools can be deployed/developed. Such tools include: * network IDS (packet sniffers) * host IDS (logfile parsers) * file checkers (hash & virus scanners) * firewalls (reject logs) What is appropriate content? Please follow the below guidelines on what kind of information should be posted to the FOCUS-IDS list: * "How can I deploy network/host intrusion to spy into hacker activity?" * "How can I deploy IDS to detect when I've been compromised?" * "I'm seeing a certain false positive; how to I quiet the system?" * "A new intrusion is being discussed in the media; how do I add a signature to my IDS?" * "I am a developer; does anybody know what exploit X looks like?" What is inappropriate content? * Product advertisements, though we may allow review-like posts from customers that describe real-world experience deploying an IDS. Vendors/developers should avoid posts that discuss how their products are better. * Requests for exploits, without some indication that there is a hole already. For example, don't send a post asking for someone to write you a new Apache exploit, unless you're spotted what you think is a hole. * Posts that don't relate to detection. Discussion of how to run a script against the system in order to break in is inappropriate, unless the discussion continues to how that be detected. * Basic how-to questions. It is assumed that you've read the owners manual of the products you are using. * Vendor-specific questions are inevitable, but please try to phrase your questions in a more vendor-neutral manner. For example, instead of asking "How do I get SpiffyIDS(tm) to detect exploit X?", please ask "How does exploit X look like when sent against a victim? BTW, I'm using SpiffyIDS(tm)". Please send information about new vulnerabilities to the BUGTRAQ mailing list. If you want to learn how to handle a particular security incidents please use the INCIDENTS mailing list. For questions or comments, please mail me: Jensenne Roculan [EMAIL PROTECTED] --- Administrative commands for the focus-ids list --- I can handle administrative requests automatically. Please do not send them to the list address! Instead, send your message to the correct command address: For help and a description of available commands, send a message to: <[EMAIL PROTECTED]> To subscribe to the list, send a message to: <[EMAIL PROTECTED]> To remove your address from the list, just send a message to the address in the ``List-Unsubscribe'' header of any list message. If you haven't changed addresses since subscribing, you can also send a message to: <[EMAIL PROTECTED]> or for the digest to: <[EMAIL PROTECTED]> For addition or removal of addresses, I'll send a confirmation message to that address. When you receive it, simply reply to it to complete the transaction. If you need to get in touch with the human owner of this list, please send a message to: <[EMAIL PROTECTED]> Please include a FORWARDED list message with ALL HEADERS intact to make it easier to help you. --- Enclosed is a copy of the request I received. Return-Path: <[EMAIL PROTECTED]> Received: (qmail 8176 invoked from network); 28 Jul 2005 15:23:48 -0000 Received: from mail2.securityfocus.com (205.206.231.1) by lists.securityfocus.com with SMTP; 28 Jul 2005 15:23:48 -0000 Received: (qmail 23015 invoked by alias); 28 Jul 2005 21:35:09 -0000 Received: (qmail 23010 invoked from network); 28 Jul 2005 21:35:09 -0000 Received: from ppsw-0.csi.cam.ac.uk (131.111.8.130) by mail2.securityfocus.com with SMTP; 28 Jul 2005 21:35:09 -0000 Received: from ppsw-0.csi.cam.ac.uk ([131.111.8.130]) by ppsw-0.csi.cam.ac.uk via smtpd (for mail2.securityfocus.com [205.206.231.1]) with ESMTP; Thu, 28 Jul 2005 15:02:03 -0700 X-Cam-SpamDetails: Not scanned X-Cam-AntiVirus: No virus found X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/ Received: from ghouls.cl.cam.ac.uk ([128.232.32.120]:52951 helo=localhost) by ppsw-0.csi.cam.ac.uk (ppsw.cam.ac.uk [131.111.8.130]:25) with esmtp id 1DyGS0-0000zZ-1w (Exim 4.51) for [EMAIL PROTECTED] (return-path <[EMAIL PROTECTED]>); Thu, 28 Jul 2005 23:02:00 +0100 Subject: From: Christian Kreibich <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Content-Type: text/plain Date: Thu, 28 Jul 2005 15:05:20 -0700 Message-Id: <[EMAIL PROTECTED]> Mime-Version: 1.0 X-Mailer: Evolution 2.0.4 (2.0.4-4) Content-Transfer-Encoding: 7bit
