To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Peter, 
    My point is that empty emails are not a clear indication of an attack.
They are just empty emails. I seem to be missing something here. How did
they trick you into thinking that 216.154.231.123 was your primary mailer?


On 3/25/07 1:37 PM, "Peter Dambier" <[EMAIL PROTECTED]> wrote:

> I remember from old uucp days that empty emails are the result of
> buffer overflows.
> 
> They tricked me into believing 216.154.231.123 was our primary mailer.
> So they tried to get in, between our primary and secondary. If that
> isn't a hack - what is?
> 
> Kind regards
> Peter and Karin Dambier
> 
> 
> Adriel T. Desautels wrote:
>> Why would you even jump to such assumptions anyway? Since when does an empty
>> email mean that you are being hacked?
>> 
>> 
>> On 3/24/07 6:35 PM, "Peter Dambier" <[EMAIL PROTECTED]> wrote:
>> 
>> 
>>> Sorry for the noise,
>>> 
>>> this one is to blame, not the DoD
>>> 
>>> 
>>> Received: from unknown (HELO 216.154.231.123) (216.154.231.123)
>>> 
>>> SBC Internet Services SBCIS-SIS80 (NET-216-154-224-0-1)
>>>                                   216.154.224.0 - 216.154.255.255
>>> TAD Online SBC216154231000020130 (NET-216-154-231-0-1)
>>>                                   216.154.231.0 - 216.154.231.127
>>> 
>>> Seen more spam from that address.
>>> 
>>> 
>>> Kind regards
>>> Peter and Karin
>>> 
>>> 
>>> 
>>> Peter Dambier wrote:
>>> 
>>>> Hi all,
>>>> 
>>>> I come from seeing three empty emails, sent via mx3.memor.net
>>>> 
>>>> is DoD trying to hack the Cesidian Root?
>>>> 
>>>> 
>>>> Kind regards
>>>> Peter and Karin Dambier
>>>> 
>>>> 
>>>> -------- Original Message --------
>>>> From: - Sat Mar 24 12:56:28 2007
>>>> X-UIDL: hikwc3np6lj0umr5
>>>> X-Mozilla-Status: 0001
>>>> X-Mozilla-Status2: 00000000
>>>> Received: from [212.97.45.53] by mx3.memor.net
>>>> ~          (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8
>>>> (1.8.8.9));
>>>> ~          Sat, 24 Mar 2007 12:35:42 +0100
>>>> Received: from  [216.154.231.123] by mx3.memor.net with SMTP (HELO
>>>> 216.154.231.123)
>>>> ~          (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8
>>>> (1.8.8.9));
>>>> ~          Sat, 24 Mar 2007 12:35:41 +0100
>>>> Message-ID: <[EMAIL PROTECTED]>
>>>> Date: Sat, 24 Mar 2007 12:35:41 +0100
>>>> Reply-To: [EMAIL PROTECTED]
>>>> 
>>>> Received: from 30.48.99.246 by ; Sat, 24 Mar 2007 16:36:17 +0400
>>>> Message-ID: <I[20
>>>> 
>>>> OrgName:    DoD Network Information Center
>>>> OrgID:      DNIC
>>>> Address:    3990 E. Broad Street
>>>> City:       Columbus
>>>> StateProv:  OH
>>>> PostalCode: 43218
>>>> Country:    US
>>>> 
>>>> NetRange:   30.0.0.0 - 30.255.255.255
>>>> CIDR:       30.0.0.0/8
>>>> NetName:    ARPAX25-TEMP
>>>> NetHandle:  NET-30-0-0-0-1
>>>> Parent:
>>>> NetType:    Direct Allocation
>>>> Comment:    Defense Information Systems Agency
>>>> Comment:    Washington, DC 20305-2000 US
>>>> RegDate:
>>>> Updated:    2002-10-07
>>>> 
>>>> OrgTechHandle: MIL-HSTMST-ARIN
>>>> OrgTechName:   Network DoD
>>>> OrgTechPhone:  +1-800-365-3642
>>>> OrgTechEmail:  [EMAIL PROTECTED]
>>>> 
>>>> 
>>>> -------- Original Message --------
>>>> From: - Sat Mar 24 16:48:47 2007
>>>> X-UIDL: clntq5knqshfcns5
>>>> X-Mozilla-Status: 0001
>>>> X-Mozilla-Status2: 00000000
>>>> Received: from [212.97.45.53] by mx3.memor.net
>>>> ~          (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8
>>>> (1.8.8.9));
>>>> ~          Sat, 24 Mar 2007 16:33:25 +0100
>>>> Received: from  [216.154.231.123] by mx3.memor.net with SMTP (HELO
>>>> 216.154.231.123)
>>>> ~          (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8
>>>> (1.8.8.9));
>>>> ~          Sat, 24 Mar 2007 16:33:25 +0100
>>>> Message-ID: <[EMAIL PROTECTED]>
>>>> Date: Sat, 24 Mar 2007 16:33:25 +0100
>>>> Reply-To: [EMAIL PROTECTED]
>>>> 
>>>> Received: from 136.152.245.48 by ; Sat, 24 Mar 2007 22:29:00 +0600
>>>> Message-ID: <P[20
>>>> 
>>>> OrgName:    University of California at Berkeley
>>>> OrgID:      UCAB-1
>>>> Address:    IST Communication and Network Services
>>>> Address:    ATTN Network Services Group
>>>> Address:    2484 Shattuck Ave, #1640
>>>> City:       Berkeley
>>>> StateProv:  CA
>>>> PostalCode: 94720-1640
>>>> Country:    US
>>>> 
>>>> NetRange:   136.152.0.0 - 136.152.255.255
>>>> CIDR:       136.152.0.0/16
>>>> NetName:    UCB-TELECOM
>>>> NetHandle:  NET-136-152-0-0-1
>>>> Parent:     NET-136-0-0-0-0
>>>> NetType:    Direct Assignment
>>>> NameServer: ADNS1.BERKELEY.EDU
>>>> NameServer: ADNS2.BERKELEY.EDU
>>>> NameServer: UCB-NS.NYU.EDU
>>>> Comment:    DMCA Designated Agent is Jacqueline Craig
>>>> <[EMAIL PROTECTED]>
>>>> RegDate:    1991-03-06
>>>> Updated:    2003-06-23
>>>> 
>>>> RTechHandle: UCB-NOC-ARIN
>>>> RTechName:   IST Communication and Network Services
>>>> RTechPhone:  +1-510-643-3267
>>>> RTechEmail:  [EMAIL PROTECTED]
>>>> 
>>>> OrgTechHandle: UCB-NOC-ARIN
>>>> OrgTechName:   IST Communication and Network Services
>>>> OrgTechPhone:  +1-510-643-3267
>>>> OrgTechEmail:  [EMAIL PROTECTED]
>>>> 
>>>> 
>>>> -------- Original Message --------
>>>> From: - Sat Mar 24 19:29:39 2007
>>>> X-UIDL: ptlmlsreb3nrw0ee
>>>> X-Mozilla-Status: 0001
>>>> X-Mozilla-Status2: 00000000
>>>> Received: from [212.97.45.53] by mx3.memor.net
>>>> ~          (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8
>>>> (1.8.8.9));
>>>> ~          Sat, 24 Mar 2007 19:10:52 +0100
>>>> Received: from  [216.154.231.123] by mx3.memor.net with SMTP (HELO
>>>> 216.154.231.123)
>>>> ~          (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8
>>>> (1.8.8.9));
>>>> ~          Sat, 24 Mar 2007 19:10:52 +0100
>>>> Message-ID: <[EMAIL PROTECTED]>
>>>> Date: Sat, 24 Mar 2007 19:10:52 +0100
>>>> Reply-To: [EMAIL PROTECTED]
>>>> 
>>>> Received: from 140.17.144.151 by ; Sat, 24 Mar 2007 22:08:27 +0300
>>>> Message-ID: <M[20
>>>> 
>>>> OrgName:    DoD Network Information Center
>>>> OrgID:      DNIC
>>>> Address:    3990 E. Broad Street
>>>> City:       Columbus
>>>> StateProv:  OH
>>>> PostalCode: 43218
>>>> Country:    US
>>>> 
>>>> NetRange:   140.17.0.0 - 140.17.255.255
>>>> CIDR:       140.17.0.0/16
>>>> NetName:    SUM-LETT-6
>>>> NetHandle:  NET-140-17-0-0-1
>>>> Parent:     NET-140-0-0-0-0
>>>> NetType:    Direct Assignment
>>>> Comment:    Defense Information Systems Agency
>>>> Comment:    Attn: Code DDEH/B611
>>>> Comment:    Washington, DC 20305-2000 US
>>>> RegDate:    1990-04-08
>>>> Updated:    1991-07-18
>>>> 
>>>> RTechHandle: AJC5-ARIN
>>>> RTechName:   Tso, Ann J.
>>>> RTechPhone:  +1-703-735-3131
>>>> RTechEmail:  [EMAIL PROTECTED]
>>>> 
>>>> OrgTechHandle: MIL-HSTMST-ARIN
>>>> OrgTechName:   Network DoD
>>>> OrgTechPhone:  +1-800-365-3642
>>>> OrgTechEmail:  [EMAIL PROTECTED]
>>>> 
>>>> 
>>>> 
>>>> --
>>>> Peter and Karin Dambier
>>>> Cesidian Root - Radice Cesidiana
>>>> Rimbacher Strasse 16
>>>> D-69509 Moerlenbach-Bonsweiher
>>>> +49(6209)795-816 (Telekom)
>>>> +49(6252)750-308 (VoIP: sipgate.de)
>>>> mail: [EMAIL PROTECTED]
>>>> mail: [EMAIL PROTECTED]
>>>> http://iason.site.voila.fr/
>>>> https://sourceforge.net/projects/iason/
>>>> http://www.cesidianroot.com/
>> 
>> 
> 

-- 

Regards, 
    Adriel T. Desautels
    Chief Technology Officer - Netragard, LLC
    Office: 617-934-0269 || Mobile : 857-636-8882
    http://www.linkedin.com/pub/1/118/a45
    http://www.netragard.com
    -------------------------
    "We make IT secure."


_______________________________________________
All list and server information are public and available to law enforcement 
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
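
The header-reading question this thread turns on, as an added example that is not part of the original messages: only Received lines stamped by your own mail server can be trusted, and everything below the first line it did not write is the sender's unverified claim. The sample is constructed from the headers quoted above; treating mx3.memor.net as the recipient's own server and the placeholder Message-ID are assumptions.

```python
import re
from email import message_from_string

# Constructed sample modelled on the first quoted message; the Message-ID is
# a placeholder because the original value is redacted on the page.
RAW = """\
Received: from [212.97.45.53] by mx3.memor.net
\t(ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.8.9));
\tSat, 24 Mar 2007 12:35:42 +0100
Received: from  [216.154.231.123] by mx3.memor.net with SMTP (HELO 216.154.231.123)
\t(ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.8.9));
\tSat, 24 Mar 2007 12:35:41 +0100
Received: from 30.48.99.246 by ; Sat, 24 Mar 2007 16:36:17 +0400
Message-ID: <placeholder@example.invalid>

"""

# "from <ip> by <host>"; the by-host may be empty, as in the last line above.
HOP = re.compile(r"from\s+\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\s+by\s+([^\s;]*)")

def classify_hops(raw, trusted_mtas):
    """Split hop IPs into (verified, unverified), newest header first.

    A hop is verified only while every header seen so far was written by a
    server in trusted_mtas (assumed to be the recipient's own MTAs). The
    first header written by anyone else, and all below it, is unverified.
    """
    verified, unverified = [], []
    chain_intact = True
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if not m:
            chain_intact = False
            continue
        ip, by_host = m.group(1), m.group(2).lower()
        if chain_intact and by_host in trusted_mtas:
            verified.append(ip)
        else:
            chain_intact = False
            unverified.append(ip)
    return verified, unverified

def handoff_ip(raw, trusted_mtas):
    """Oldest verified hop: the host that actually connected to our MTA."""
    verified, _ = classify_hops(raw, trusted_mtas)
    return verified[-1] if verified else None

if __name__ == "__main__":
    print(classify_hops(RAW, {"mx3.memor.net"}))
    print(handoff_ip(RAW, {"mx3.memor.net"}))
```

On this sample the 30.x address lands in the unverified list and the handoff address is 216.154.231.123, which matches the correction quoted earlier in the thread.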
