The Korean host in question is probably an open relay. While we can safely say that
the Korean mail admins of that host are clueless/careless, I doubt that the actual
sender is anywhere in Korea.
Ronneil, are we out to prove our 3l33tn355 by picking on clueless Korean admins now?
[EMAIL PROTECTED] wrote:
>Hi Kid,
>
>Here's the IP you sent. I've given you enough for a start. Search the
>internet for buffer overflows. I don't want to do it. You do it! :-)
>
>-----------------------start------------------------
>Host (210.105.154.2) appears to be up ... good.
>Initiating SYN half-open stealth scan against (210.105.154.2)
>Adding TCP port 1026 (state open).
>Adding TCP port 862 (state open).
>Adding TCP port 854 (state open).
>Adding TCP port 851 (state open).
>Adding TCP port 21 (state open).
>Adding TCP port 84 (state open).
>Adding TCP port 111 (state open).
>Adding TCP port 873 (state open).
>Adding TCP port 514 (state open).
>Adding TCP port 512 (state open).
>Adding TCP port 515 (state open).
>Adding TCP port 79 (state open).
>Adding TCP port 25 (state open).
>Adding TCP port 6112 (state open).
>Adding TCP port 436 (state open).
>Adding TCP port 6000 (state open).
>Adding TCP port 513 (state open).
>Adding TCP port 1521 (state open).
>
>The SYN scan took 74 seconds to scan 1523 ports.
>For OSScan assuming that port 21 is open and port 1 is closed and neither
>are firewalled
>
>Interesting ports on (210.105.154.2):
>(The 1504 ports scanned but not shown below are in state: closed)
>Port State Service
>21/tcp open ftp
>23/tcp filtered telnet
>25/tcp open smtp
>79/tcp open finger
>84/tcp open ctf
>111/tcp open sunrpc
>436/tcp open dna-cml
>512/tcp open exec
>513/tcp open login
>514/tcp open shell
>515/tcp open printer
>851/tcp open unknown
>854/tcp open unknown
>862/tcp open unknown
>873/tcp open unknown
>1026/tcp open nterm
>1521/tcp open ncube-lm
>6000/tcp open X11
>6112/tcp open dtspc
>
>TCP Sequence Prediction: Class=random positive increments
> Difficulty=60403 (Worthy challenge)
>
>Sequence numbers: 2449E5CE 244D3495 2450092D 2453B77F 24569C27 245BF5E4
>Remote OS guesses: Digital UNIX OSF1 V 4.0,4.0B,4.0D,4.0E, Digital UNIX OSF1
>V 4.0-4.0F
>-----------------------end------------------------
>
>hope this helps.....
>
>> -----Original Message-----
>> From: J. Crus [mailto:[EMAIL PROTECTED]]
>> Sent: Tuesday, 14 November 2000 16:23
>> To: PLUG
>> Subject: [plug] A spam from Korea!
>>
>>
>> Hi!
>>
>> What country has the extension KR? Is it Korea?
>> Someone is spamming the elagda-forum list with a forged email.
>> The email came from (HELO pocos1.pocos.co.kr)
>>
>> He is picking and challenging us if we can trace him.
>> I think he is a Filipino.
>>
>> Please help us trace this guy and give him a lesson.
>>
>> Email me whatever info you can get.
>>
>> Thank you.
>>
>> Here is the header with the message:
>>
>>
>> --------Original message--------
>> X-Apparently-To: [EMAIL PROTECTED] via web4301.mail.yahoo.com
>> Received: from ho.egroups.com (208.50.99.200)
>> by mta465.mail.yahoo.com with SMTP; 13 Nov 2000
>> 04:55:25 -0800 (PST)
>> X-eGroups-Return:
>> [EMAIL PROTECTED]
>> Received: from [10.1.10.37] by ho.egroups.com with NNFMP; 13
>> Nov 2000 12:41:01 -0000
>> X-Sender: [EMAIL PROTECTED]
>> X-Apparently-To: [EMAIL PROTECTED]
>> Received: (EGP: mail-6_2_1); 13 Nov 2000 12:41:00 -0000
>> Received: (qmail 29820 invoked from network); 13 Nov 2000
>> 12:41:00 -0000
>> Received: from unknown (10.1.10.26) by m3.onelist.org with
>> QMQP; 13 Nov 2000 12:41:00 -0000
>> Received: from unknown (HELO pocos1.pocos.co.kr)
>> (210.105.154.2) by mta1 with SMTP; 13 Nov 2000 12:40:59 -0000
>> Received: by pocos1.pocos.co.kr id AA06323; Mon, 13 Nov 2000
>> 21:39:03 +0900
>> Message-Id: <[EMAIL PROTECTED]>
>> Apparently-To: <[EMAIL PROTECTED]>
>> From: [EMAIL PROTECTED]
>> MIME-Version: 1.0
>> Mailing-List: list [EMAIL PROTECTED]; contact
>> [EMAIL PROTECTED]
>> Delivered-To: mailing list [EMAIL PROTECTED]
>> Precedence: bulk
>> List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
>> Date: Mon, 13 Nov 2000 22:39:03 +0800
>> Reply-To: [EMAIL PROTECTED]
>> Subject: [eLAGDA-forum] erap is taking over
>> Content-Type: multipart/alternative;
>> boundary="rcceF7hAeTIpS9lxlv3y1swsLqOyb4tSfV7vcn3"
>>
>>
>> erap is taking over your e-mail addresses.
>> i'm starting with this one.
>> (oh yeah my name is erap)
>> you take care...
>>
>> p.s. please forward to all your friends
>> and cc: [EMAIL PROTECTED]
>>
>> for your safety.
>>
>>
>> ====================@@@@@@@@@@@@@@@@@@@===========================
>>
>>
>>
>> __________________________________
>> www.edsamail.com
>>
>> _
>> Philippine Linux Users Group. Web site and archives at
>http://plug.linux.org.ph
>To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
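The reply's point about the relay can be checked against the quoted headers. The following Python is an added example, not part of the original thread: it walks the `Received` chain newest-first and stops trusting it at the first stamp written by a host outside the recipient side. The `TRUSTED` set and the function names are assumptions made for illustration.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address

# Received/Date lines copied from the quoted message above, unfolded to one line each.
RAW = """\
Received: from ho.egroups.com (208.50.99.200) by mta465.mail.yahoo.com with SMTP; 13 Nov 2000 04:55:25 -0800 (PST)
Received: from [10.1.10.37] by ho.egroups.com with NNFMP; 13 Nov 2000 12:41:01 -0000
Received: (EGP: mail-6_2_1); 13 Nov 2000 12:41:00 -0000
Received: (qmail 29820 invoked from network); 13 Nov 2000 12:41:00 -0000
Received: from unknown (10.1.10.26) by m3.onelist.org with QMQP; 13 Nov 2000 12:41:00 -0000
Received: from unknown (HELO pocos1.pocos.co.kr) (210.105.154.2) by mta1 with SMTP; 13 Nov 2000 12:40:59 -0000
Received: by pocos1.pocos.co.kr id AA06323; Mon, 13 Nov 2000 21:39:03 +0900
Date: Mon, 13 Nov 2000 22:39:03 +0800

"""
# Assumption: the hosts whose Received stamps the recipient side trusts.
TRUSTED = {"mta465.mail.yahoo.com", "ho.egroups.com", "m3.onelist.org", "mta1"}
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def utc(value):
    """Parse an RFC 822 date; a '-0000' zone parses as naive, so treat it as UTC."""
    dt = parsedate_to_datetime(value.strip())
    return dt.replace(tzinfo=timezone.utc) if dt.tzinfo is None else dt.astimezone(timezone.utc)

def trace(raw, trusted=TRUSTED):
    msg = message_from_string(raw)
    result = {"handoff_ip": None, "helo": None, "stamped_by": None, "date_skew_s": None}
    unverified, past, seen_at = 0, False, None
    for hdr in msg.get_all("Received", []):      # newest hop first
        by = re.search(r"\bby\s+(\S+)", hdr)
        if past or (by and by.group(1) not in trusted):
            past = True                          # this stamp and all older ones came from the sending side
            unverified += 1
            continue
        peers = [ip for ip in IPV4.findall(hdr) if ip_address(ip).is_global]
        if by and peers:                         # a trusted server recording an outside peer
            helo = re.search(r"HELO\s+([^\s)]+)", hdr)
            result.update(handoff_ip=peers[0], helo=helo.group(1) if helo else None,
                          stamped_by=by.group(1))
            seen_at = utc(hdr.rsplit(";", 1)[1])
    if seen_at is not None and msg["Date"]:
        # Date is written by the sender; compare it with the trusted arrival time.
        result["date_skew_s"] = int((utc(msg["Date"]) - seen_at).total_seconds())
    result["unverified_hops"] = unverified
    return result
```

For these headers the only fact a trusted server recorded is that 210.105.154.2 connected to mta1; the stamp below it and the `Date` header were supplied by the sending side.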