Re: FBI bust DDoS 'Mafia'
It's not not OT, or about politics. It's not about they are guilty or not since I Don't care. It's about that "the FBI finally cares, and will bust the script kiddies." This will scare them and will decrease the DDoS attacks from now and on. So ISPs and NSPs should work more with FBI and such parties to decrease the DDoS. Thanks, -J --- "J.A. Terranson" <[EMAIL PROTECTED]> wrote: > > On Sun, 29 Aug 2004, Ricardo "Rick" Gonzalez wrote: > > > > No comments, check the url > > > > > > > http://www.theregister.co.uk/2004/08/27/ddos_mafia_busted/ > > > > > > I'm happy some of these criminals sent to jail! > > > > You know, here in America, we have this concept > called "innocent until > > proven guilty". What country are you from? > > I note for the record that this concept is only held > to be accurate when > applied to politicians or their financiers. The > rest of us are guilty > until convicted, after which our obvious guilt was > finally proven in an > "impartial" court. > > -- > Yours, > > J.A. Terranson > [EMAIL PROTECTED] > 0xBD4A95BF __ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail
Re: FBI bust DDoS 'Mafia'
It's not not OT, or about politics. It's not about they are guilty or not since I Don't care. It's about that "the FBI finally cares, and will bust the script kiddies." This will scare them and will decrease the DDoS attacks from now and on. So ISPs and NSPs should work more with FBI and such parties to decrease the DDoS. Thanks, -J --- "J.A. Terranson" <[EMAIL PROTECTED]> wrote: > > On Sun, 29 Aug 2004, Ricardo "Rick" Gonzalez wrote: > > > > No comments, check the url > > > > > > > http://www.theregister.co.uk/2004/08/27/ddos_mafia_busted/ > > > > > > I'm happy some of these criminals sent to jail! > > > > You know, here in America, we have this concept > called "innocent until > > proven guilty". What country are you from? > > I note for the record that this concept is only held > to be accurate when > applied to politicians or their financiers. The > rest of us are guilty > until convicted, after which our obvious guilt was > finally proven in an > "impartial" court. > > -- > Yours, > > J.A. Terranson > [EMAIL PROTECTED] > 0xBD4A95BF __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail
FBI bust DDoS 'Mafia'
No comments, check the url http://www.theregister.co.uk/2004/08/27/ddos_mafia_busted/ I'm happy some of these criminals sent to jail! ___ Do you Yahoo!? Express yourself with Y! Messenger! Free. Download now. http://messenger.yahoo.com
ICANN Adds IPv6 to Root DNS
It's IPv6 time. http://www.internetnews.com/infra/article.php/3384791 Thanks, -J __ Do you Yahoo!? Vote for the stars of Yahoo!'s next ad campaign! http://advision.webevents.yahoo.com/yahoo/votelifeengine/
China deploys Internet protocol version 9 network
Hello, Have you heard of IPv9? or it was IPv8? China's Internet technology Ipv9,which being compatible with IPv4 and IPv6,has been formally adapted and popularized into the civil and commercial sector. http://news.xinhuanet.com/english/2004-07/05/content_1572719.htm Thanks, -J __ Do you Yahoo!? Yahoo! Mail is new and improved - Check it out! http://promotions.yahoo.com/new_mail
Time Warner Telecom Launches Managed Security Services (DDoS)
Hello, Another network to add stuff against DDoS after other NSPs. Check it here http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=109&STORY=/www/story/06-22-2004/0002197576&EDATE= Thanks, -J __ Do you Yahoo!? New and Improved Yahoo! Mail - 100MB free storage! http://promotions.yahoo.com/new_mail
Today's Internet
Hello, Are we part of the Today's Internet mess? http://www.internetnews.com/bus-news/article.php/3365491 -J __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/
nanog@merit.edu
Hello folks, Here is a great move from one of the biggest NSPs, I'm sure we will see L3, Sprint, UUNet and others will do the same soon to gain more customers since DDoS is the nightmare of the internet now. http://biz.yahoo.com/prnews/040601/nytu051a_1.html Thanks, -J __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/
botnets world and the FBI
Hello, I found this important article, maybe it's the time to have the FBI to work in the e-crime more and more. http://www.starbanner.com/apps/pbcs.dll/article?AID=/20040506/ZNYT05/405060313/1009/BUSINESS Thanks, -J __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/
UUNet->Teleglobe
Hello, Do you see any issue between UUNet and TeleGlobe in East coast? traceroute to ix-12-0-0.bb1.HongKong.teleglobe.net (64.86.126.18) from 195.129.70.25: 1-30 hops, 38 byte packets 1 ge-0-0-0.ams9eusoesr1.ams.ops.eu.uu.net (193.67.79.213) [AS702 - NLnet Pseudo blocks] 0.672 ms (ttl=254!) 0.306 ms (ttl=254!) 0.283 ms (ttl=254!) 2 ge-1-1-0.HR1.AMS9.ALTER.NET (212.136.185.117) [AS702 - NLnet Pseudo blocks] 0.351 ms (ttl=253!) 0.326 ms (ttl=253!) 0.299 ms (ttl=253!) 3 so-2-0-0.CR2.AMS9.ALTER.NET (212.136.185.109) [AS702 - NLnet Pseudo blocks] 0.352 ms (ttl=252!) 0.331 ms (ttl=252!) 0.311 ms (ttl=252!) 4 so-7-0-0.XR1.AMS6.ALTER.NET (212.136.185.105) [AS702 - NLnet Pseudo blocks] 0.395 ms (ttl=251!) 0.393 ms (ttl=251!) 0.371 ms (ttl=251!) 5 so-0-1-0.TR2.AMS2.ALTER.NET (146.188.8.82) [AS702 - UUNET-NET] 0.424 ms (ttl=250!) 0.427 ms (ttl=250!) 0.418 ms (ttl=250!) 6 so-4-0-0.IR1.DCA4.ALTER.NET (146.188.5.197) [AS702 - UUNET-NET] 82.1 ms (ttl=249!) 82.2 ms (ttl=249!) 82.1 ms (ttl=249!) 7 so-0-0-0.IL1.DCA6.ALTER.NET (146.188.13.33) [AS702 - UUNET-NET] 82.1 ms (ttl=248!) 82.1 ms (ttl=248!) 82.2 ms (ttl=248!) 8 0.so-1-0-0.TL1.DCA6.ALTER.NET (152.63.9.194) 82.2 ms (ttl=247!) 82.2 ms (ttl=247!) 82.2 ms (ttl=247!) 9 0.so-6-0-0.XL1.DCA6.ALTER.NET (152.63.38.70) 82.2 ms (ttl=246!) 82.2 ms (ttl=246!) 82.2 ms (ttl=246!) 10 POS6-0.BR3.DCA6.ALTER.NET (152.63.38.117) 82.8 ms 82.6 ms 82.6 ms 11 204.255.174.198 (204.255.174.198) 84.0 ms 84.0 ms 84.0 ms 12 if-2-0.core2.Newark.Teleglobe.net (64.86.83.213) 348 ms (ttl=236!) 348 ms (ttl=236!) 349 ms (ttl=236!) 13 if-1-0.core3.PaloAlto.teleglobe.net (64.86.138.125) 352 ms (ttl=237!) 353 ms (ttl=237!) 352 ms (ttl=237!) 14 if-10-0.core2.PaloAlto.Teleglobe.net (207.45.220.6) 351 ms (ttl=237!) 351 ms (ttl=237!) 353 ms (ttl=237!) 15 if-7-0.core2.LosAngeles.Teleglobe.net (207.45.222.25) 489 ms (ttl=239!) 384 ms (ttl=239!) 415 ms (ttl=239!) 16 if-5-0.core1.LosAngeles.Teleglobe.net (207.45.223.62) 348 ms 348 ms 348 ms 17 if-3-0.core1.HongKong.teleglobe.net (64.86.129.5) 351 ms (ttl=241!) 351 ms (ttl=241!) 351 ms (ttl=241!) 18 if-8-0-0.bb1.HongKong.Teleglobe.net (64.86.80.129) 352 ms (ttl=240!) 353 ms (ttl=240!) 352 ms (ttl=240!) 19 ix-12-0-0.bb1.HongKong.teleglobe.net (64.86.126.18) * 410 ms (ttl=241!) 410 ms (ttl=241!) Thanks, -J __ Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time. http://taxes.yahoo.com/filing.html
House Panel Slams Federal IT Security
Hi, Federal agencies aren't doing enough to secure their network systems, even as documented cyber-attacks against the U.S. government continue to dramatically rise, U.S. Rep. Adam Putnam (R-FL) said Thursday. For more info check http://www.internetnews.com/infra/article.php/3327081 Thanks, -J __ Do you Yahoo!? Yahoo! Mail - More reliable, more storage, less spam http://mail.yahoo.com
Security: Cisco time?
Hello, I think cisco woke up now, http://www.theregister.co.uk/content/5/36156.html You NSPs are the worst enemy for the internet security, do you know why? You are allowing your customers to abuse, and ignore the abuse emails, but that doesn't matter since they pay for the bw. Good example, hinet is the spolied kid of Sprint, UUNet, and AT&T, is the worst infected ISP. I don't buy innocent users joke, everyone connected the net is responsible and shouldn't be a problem on it. I think it's the right time to make something for abuseive NSP/ISPs like spews. ahbl.org is good idea. PS: I know most of you, were ignoring the DDoS till it's too late now, soon we will see the internet goes down, and not trust worthy. Thanks, -J Do you Yahoo!? Yahoo! Search - Find what youre looking for faster.
UUNet Offer New Protection Against DDoS
Hello Nanogers! I'm happy to see this, and I hope C&W, Verio, and Level3 ..etc will do the same! MCI/WorldCom Monday unveiled a new service level agreement (SLA) to help IP services customers thwart and defend against Internet viruses and threats. http://informationweek.securitypipeline.com/news/18201396 It's the right time before it's too late! Regards, -J Do you Yahoo!? Yahoo! Search - Find what youre looking for faster.
XO contact.
Hello, I need someone in XO with clue to contact me off list regarding hacking/exploiting issues. All my mails to noc@ and abuse@ didn't make anything. Thanks, -J __ Do you Yahoo!? Yahoo! Mail SpamGuard - Read only the mail you want. http://antispam.yahoo.com/tools
RE: SECURITY: Abuse & upnormal traffic in 207.218.250.181 [ev1.net]
Hello folks, I would like to thank everyone who helped out to get this issue resolved. Many thanks go to Mr. Alif Terranson the OpSec Engineering Manager from Savvis Communications Corporation. Thanks, -J __ Do you Yahoo!? Yahoo! Finance: Get your refund fast by filing online. http://taxes.yahoo.com/filing.html
ev1.net security contact
Hello, Can I get someone from ev1.net contact me off the list? it's security/hacking issue. Thanks, -J __ Do you Yahoo!? Yahoo! Finance: Get your refund fast by filing online. http://taxes.yahoo.com/filing.html
Internet law
Hello, when will we see the FBI, and other local police in the other countries send the script kiddies to the JAILL so we can use the internet without too much pain? Thanks, -J __ Do you Yahoo!? Find out what made the Top Yahoo! Searches of 2003 http://search.yahoo.com/top2003
nlayer.net Abuse and Security contact
Folks,
I have sent many emails to [EMAIL PROTECTED] and
[EMAIL PROTECTED] reporting a security abuse by one
of their users but nothing done up to now.
If there is real person from nlayer.net please contact
me offline.
Thanks,
-J
__
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.
http://photos.yahoo.com/--- Begin Message ---
Dear Sir/Madam,
We have known script kiddie who spreads
Download.Trojan and BAT.Trojan.
The script kiddi runs port scan and infect the users
who use WinNT, 2000 and XP via port 445 if the windows
isn't updated.
He is issuing commands to the infected PC to download
this setup file which has these trojans.
http://www.darkhell.org/sh1.exe
This host is hosting the trojan files which is in
sh1.exe
When you download this file and you have Norton
Antivirus or Mcafee with latest virus ID, your AV will
detect it directly as below:
can type: Realtime Protection Scan
Event: Virus Found!
Virus name: Download.Trojan
File: C:\WINNT\system32\Haver\Backsa.exe
Location: Quarantine
Computer: RASHID-ALKUBAIS
User: Administrator
Action taken: Clean failed : Quarantine succeeded :
Access denied
Date found: Tue Dec 16 09:23:12 2003
Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: BAT.Trojan
File: C:\WINNT\system32\Haver\ceve.bat
Location: Quarantine
Computer: RASHID-ALKUBAIS
User: Administrator
Action taken: Clean failed : Quarantine succeeded :
Access denied
Date found: Tue Dec 16 09:23:12 2003
When I got connected to his IRC server I saw this:
* Dns resolved sh1.cellfiles.org to 81.134.89.149
[07:01] * Connecting to 81.134.89.149 (6667)
-
[07:01] -irc.DarkHell.Org- *** Looking up your
hostname...
-
There are 437 users and 0 invisible on 1 servers
2 channels formed
I have 437 clients and 0 servers
-
[07:01] * Now talking in #sh1-
[07:01] <[H0-3250]> !pfast stop
[07:01] <[H0-3250]> !syn 66.90.92.202 6667 500
[07:01] <[H0-3250]> !pfast 44 66.90.92.202 6667
[07:02] <[H0-3250]> !syn 202.91.32.181 6667 500
[07:02] <[H0-3250]> !pfast stop
[07:02] <[H0-3250]> !pfast 44 202.91.32.181 6667
[07:02] <[H0-3250]> !syn 69.65.31.3 6667 500
[07:02] <[H0-3250]> !pfast stop
[07:02] <[H0-3250]> !pfast 44 69.65.31.3 6667
[07:02] <[H0-3250]> !ipscan
[07:02] <[H0-3250]> !syn 66.151.29.193 6667 500
-
[H0-3250] is
[EMAIL PROTECTED] * h3h3
[H0-3250] on +#sh1-
[H0-3250] using irc.DarkHell.Org DarkHell server
[H0-3250] has been idle 18secs, signed on Mon Dec 15
14:53:28
[H0-3250] End of /WHOIS list.
-
==
And he issuing these DDoS attacks against the IRC
servers around the globe and the http servers.
The traceroute to www.darkhell.org shows that it's
hosted in your network.
Show Level 3 (Baltimore, MD) Traceroute to
www.darkhell.org (69.22.169.27)
1 so-11-0.hsa2.Baltimore1.Level3.net (4.68.112.70) 0
msec
so-6-1-0.mp1.Baltimore1.Level3.net (4.68.112.65) 0
msec
so-11-0.hsa2.Baltimore1.Level3.net (4.68.112.70) 0
msec
2 so-0-1-0.bbr2.Washington1.Level3.net
(64.159.0.230) 0 msec
so-6-1-0.mp2.Baltimore1.Level3.net (4.68.112.73) 0
msec
so-0-1-0.bbr2.Washington1.Level3.net
(64.159.0.230) 0 msec
3 so-6-1-0.bbr1.Washington1.Level3.net
(64.159.0.106) 4 msec
so-7-0-0.edge1.Washington1.Level3.net
(209.244.11.14) 0 msec
so-6-1-0.bbr1.Washington1.Level3.net
(64.159.0.106) 4 msec
4 209.0.227.118 4 msec
so-6-0-0.edge1.Washington1.Level3.net
(209.244.11.10) 0 msec
209.0.227.118 4 msec
5 209.0.227.118 4 msec
pos3-1-2488M.cr2.WDC2.gblx.net (67.17.67.58)
[AS3549 {GBLX}] 4 msec
209.0.227.118 0 msec
6 so4-0-0-2488M.cr1.PAO2.gblx.net (67.17.92.241)
[AS3549 {GBLX}] 76 msec
pos3-1-2488M.cr1.WDC2.gblx.net (67.17.67.54)
[AS3549 {GBLX}] 4 msec
so4-0-0-2488M.cr1.PAO2.gblx.net (67.17.92.241)
[AS3549 {GBLX}] 76 msec
7 so4-0-0-2488M.cr1.PAO2.gblx.net (67.17.92.241)
[AS3549 {GBLX}] 76 msec
so2-0-0-2488M.ar3.PAO2.gblx.net (67.17.67.238)
[AS3549 {GBLX}] 80 msec
so4-0-0-2488M.cr1.PAO2.gblx.net (67.17.92.241)
[AS3549 {GBLX}] 76 msec
8 gblx.ge-1-0-0.cr1.pao1.nlayer.net (69.22.143.193)
[AS4474 {GVIL1}] 80 msec
so2-0-0-2488M.ar3.PAO2.gblx.net (67.17.67.238)
[AS3549 {GBLX}] 80 msec
gblx.ge-1-0-0.cr1.pao1.nlayer.net (69.22.143.193)
[AS4474 {GVIL1}] 76 msec
9 gblx.ge-1-0-0.cr1.pao1.nlayer.net (69.22.143.193)
[AS4474 {GVIL1}] 80 msec
ge-1-1-0.cr1.sfo1.nlayer.net (69.22.143.178)
[AS4474 {GVIL1}] 76 msec
gblx.ge-1-0-0.cr1.pao1.nlayer.net (69.22.143.193)
[AS4474 {GVIL1}] 80 msec
10 ge4-4.hr1.sfo1.nlayer.net (69.22.143.10) [AS4474
{GVIL1}] 108 msec
ge-1-1-0.cr1.sfo1.nlayer.net (69.22.143.178)
[AS4474 {GVIL1}] 76 msec
ge4-4.hr1.sfo1.nlayer.net (69.22.143.10) [AS4474
{GVIL1}] 80 msec
11 ge1-1.hr1.sfo1.nlayer.net (69.22.143.2) [AS4474
{GVIL1}] 80 msec
customer.ge1-5.hr1.sfo1.nlayer.net (69.22.128.230)
[AS4474 {GVIL1}] 80 msec
ge1-1.hr1.sfo1.nlaye
Re: hinet.net contact
--- Suresh Ramasubramanian <[EMAIL PROTECTED]> wrote: > John Obi writes on 10/30/2003 12:22 PM: > > > Hello folks, > > > > I can tell you that hinet.net hosts being > exploited by > > script kiddies and no one in hinet.net cares. > > > > And I really failed to get a contact of their > abuse > > department, or any live person bothers to reply. > > You might want to contact the TW-CERT people at > http://www.cert.org.tw/eng/index.htm > > -- Folks, I tried that with no luck, I also tried other listed conacts in the whois list with no luck. I found that AT&T , UUNet, and Sprint are the NSPs of this ISP. Can anyone from these ISPs get hinet.net to deal with the abuse emails? Please contact me off list if you can help. Thanks, -J __ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree
Verizon abuse contact
Hello folks, I reported exploited hosts in Verizon network to their abuse department since one week now. I only get auto reply but no real person did take action till this moment. If there is Verizon person who can help, please contact me off list. Thanks, -J __ Do you Yahoo!? Exclusive Video Premiere - Britney Spears http://launch.yahoo.com/promos/britneyspears/
hinet.net contact
Hello folks, I can tell you that hinet.net hosts being exploited by script kiddies and no one in hinet.net cares. And I really failed to get a contact of their abuse department, or any live person bothers to reply. All the complaints and report got no where. I need to report security issues about going DDoS attacks all the time by script kiddies from State of Kuwait using hinet.net as primary windows IRC servers to control the DDoS bots. If you know someone over there please help to get these issues resolved. Thanks, -J __ Do you Yahoo!? Exclusive Video Premiere - Britney Spears http://launch.yahoo.com/promos/britneyspears/
Riverhead or Lancope?
Nanogers, Did you ever tested Riverhead or Lancope? I know rackspace uses one or both of them. Are they good products and worth the try? Can they really decrease the the DDoS damage? Are they better than CISCO products? Are there any tips? Thanks, -J __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
I can't reach MS sites
Hello, I can't open www.microsoft.com , windowsupdate.microsoft.com and www.msn.com very slow. It took long time to sign in the msn IM too. Do you see any problems so far? Thanks, -J __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com
