Title: TCP port 25 traffic?
Yeah, I think it's called SPAM, not new
though
Try connecting to your server via telnet on port 25
and see if you can get an interactive connection.
type in the following commands:
expn
vrfy
and see if they are accepted. If so, your
server is open to possib
Title: TCP port 25 traffic?
I've seen an unusual amount of connection attempts to TCP port 25 on a particular system in my network as of the past 48 hours or so. It's only this one system, and it's multiple source IPs. Is there anything new for SMTP?
Thanks for any info... josh
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 372-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Matt Zimmerman
August 16th, 2003
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On August 16, 2003 06:50 pm, Bernie, CTA wrote:
> On 16 Aug 2003 at 20:37, Stephen Clowater wrote:
> > > First of all, it is unrealistic to assume that the power
> > > plants, distribution nodes and sub stations are still equipped
> > > with 1965 techn
I did hear that there was a company that just coincidentally
received a patent on a unique superconductor based arrester
valve the day before the blackout. This valve is designed to
suck down excess power surges and they could cost millions of
dollars.
Intermagnetics to develop surge prote
> The theory that the Blackout event started by power generation
> loss (downed transmission lines) at a Cleveland plant is a
> little better than the lightning bolt Canada theory, but still
> inconsistent with the technical aspects of the Grid's automated
> fault protection and power load balancing
Doesn't matter if it works, the fact that a house can be protected by a
sophisticated security system, don't forget to close the door :p --snip-
--
/etc/shadow
root:$1$RHyu0Poe$Cpz0XJ4meFPI1/5Gx2oQN.:12196:0:9:7:::
bla bla bla ...
bal:$1$YU7BaSwM$E/V8fWqrPO.WqKPzidOdN0:12197:0:9:7::
On 16 Aug 2003 at 20:37, Stephen Clowater wrote:
> >
> > First of all, it is unrealistic to assume that the power
> > plants, distribution nodes and sub stations are still equipped
> > with 1965 technology. Have you ever visited any of these
> > facilities? I have.
>
> That's not what I said, What
On Sat, Aug 16, 2003 at 01:55:56PM -0700, Jimb Esser wrote:
> FWIW, I think that check is just part of the webshell, and if you do
> something like "cat /etc/../etc/shadow" it doesn't complain and will
> behave as expected (and "as expected" means that since the 'cat'
> command didn't access the /e
At 04:01 PM 8/16/2003 -0400, you wrote:
>> http://203.197.88.14/
>> http://203.197.88.14/efc
>I'm not one to judge product quality based (partially or otherwise) on
>past or current programming mistakes, but if I was, I'd say that
>something like:
>
>for(i=0;arg[i]; i++) {
>if ((strncmp(arg
- Original Message -
From: "Bernie, CTA" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, August 16, 2003 2:25 PM
Subject: Re: [Full-Disclosure] east coast powergrid / SCADA [OT?]
> On 16 Aug 2003 at 5:36, Stephen Clowater wrote:
> > It's highly unlikely that msblast had anyth
SCADA [OT?]
>
>
> > Ground zero for the blackout seems to be Parma, OH according to
> > local papers and ABC News:
> >
> > http://abcnews.go.com/wire/US/ap20030816_755.html
> >
> > http://junior.apk.net/~jnoga/F16CAUSE.html
> >
> > http://www.t
PROS AND CONS OF EFC.
1. Can protect against known or unknown vulnerabilities.
Ok, with that in mind, lets see how well it stands up to "unknown"
attacks...
I'm not one to judge product quality based (partially or otherwise) on
past or current programming mistakes, but if I was, I'd say that
som
- Original Message -
From: "Geoff Shively" <[EMAIL PROTECTED]>
To: "Stephen Clowater" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, August 16, 2003 3:55 PM
Subject: Re: [Full-Disclosure] east coast powergrid / SCADA [OT?]
> >
> > I'd read thru the bugtraq archives on secur
On Sat, Aug 16, 2003 at 07:13:50AM -0500, Shanphen Dawa wrote:
> This was posted to bugtraq.
>
> http://www.securityfocus.com/archive/1/333451/2003-08-13/2003-08-19/0
>
> The author of the software claims any machine running this
> Execution Flow Control (EFC) program is 100%. I think 100% is a t
003 11:25 AM
Subject: RE: [Full-Disclosure] east coast powergrid / SCADA [OT?]
> Ground zero for the blackout seems to be Parma, OH according to local
> papers and ABC News:
>
> http://abcnews.go.com/wire/US/ap20030816_755.html
>
> http://junior.apk.net/~jnoga/F16CAUSE.html
>
>
>
> I'd read thru the bugtraq archives on securityfocus.com so you can really
> get a sense of the kinda long standing trouble rpc has been causing over
> the years, RPC has been a long standing issue, in fact, for the last few
> years, most places have just started blocking rpc out to the interne
Well first of all, 100% seems reminiscent of the Bulldog BullGaurd
stuff of a few years ago. People should know better.
Second of all, they step back from the edge here by saying
http://203.197.88.14/efc/efc_intro.php
"Please note that we do not claim that right from version 1 EFC will provi
Ground zero for the blackout seems to be Parma, OH according to local
papers and ABC News:
http://abcnews.go.com/wire/US/ap20030816_755.html
http://junior.apk.net/~jnoga/F16CAUSE.html
http://www.toledoblade.com/apps/pbcs.dll/article?AID=/20030816/NEWS08/108160106
Richard
-Original
On 16 Aug 2003 at 5:36, Stephen Clowater wrote:
> It's highly unlikely that msblast had anything to do with the
> power outage. For one, the internal rpc network that is used to
> monitor actual power spikes, and to move current from one circuit
> to the next in a grid is a closed network. And in the
- Original Message -
From: "Geoff Shively" <[EMAIL PROTECTED]>
To: "Stephen Clowater" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, August 16, 2003 3:33 AM
Subject: Re: [Full-Disclosure] east coast powergrid / SCADA [OT?]
> > Please, if that
> > were the case, why have non
On Fri, 15 Aug 2003 10:39:21 CDT, Max Valdez <[EMAIL PROTECTED]> said:
> Don't talk for others
>
> A lot of people realized and commented that, even news did
> > Nobody gave a shit when windowsupdate.microsoft.com got nailed with CodeRed.
And what actually *CHANGED*?
Yeah, a lot of people may h
How exactly does this differ from any other Host based IDS system?
- Original Message -
From: "Shanphen Dawa" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, August 16, 2003 7:13 AM
Subject: [Full-Disclosure] Execution Flow Control (EFC)
> This was posted to bugtraq.
>
> http
On Sat, 16 Aug 2003 07:13:50 -0500, Shanphen Dawa <[EMAIL PROTECTED]>
wrote:
This was posted to bugtraq.
http://www.securityfocus.com/archive/1/333451/2003-08-13/2003-08-19/0
The author of the software claims any machine running this
Execution Flow Control (EFC) program is 100%. I think 100% is
Yes, and it will continue to scan for new hosts to infect.
On Fri, 2003-08-15 at 10:06, Ted Hansson wrote:
> I've got no clue on how to post here...
>
> but let's say you were infected with the MsBlast Bug and you have patched
> your system but not removed the bug.. will it still do the Ddos Atta
This was posted to bugtraq.
http://www.securityfocus.com/archive/1/333451/2003-08-13/2003-08-19/0
The author of the software claims any machine running this
Execution Flow Control (EFC) program is 100%. I think 100% is a tad bit arrogant, and
I can't wait till he has to eat his words. The websit
m$ removing windowsupdate.com sets a quite dangerous precedent and gives a good
motivation to worm writers IMHO.
a lot of people claimed the worm is lame and badly written, but the worm's goal
was to DoS windowsupdate.com and it rm'ed it permanently (judging from news
sources).
according to some l
Hello again,
P0f is a passive OS fingerprinting tool that gathers useful information
about visitors / attackers without triggering any suspicious traffic. In
addition to accurately and precisely fingerprinting a remote OS based on a
large number of metrics, p0f can also determine link types, dist
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Microsoft.com isn't dead, just busy. That site as well as
http://windowsupdate.microsoft.com came right up for me.
- --
Kryptos
[EMAIL PROTECTED]
925.955.8110
AIM: iKryptos
ICQ: 3240272
IRC: Kryptos (irc.icq.com)
MSN: [EMAIL PROTECTED]
Y!: ikryptos
H
Hey sorry about the broken links and fucked example,
this is HOON, an at&t assembler compiler for use on windows/linux to make
modular shellcode.
this is the second installment of HOON, with calls and jmps pretty much
fully working. anyway, there is going to be a lot of sub-methods going into HO
In some mail from Myers, Marvin, sie said:
>
> Not only is it ridiculous, it goes against everything that the power
> companies have been telling us for years. If anyone has ever stood
> outside during a thunderstorm and watched lightning bounce back and
> forth across wires and transformers, the
> Now can we give msblast a rest? :)
Not just yet, I still have a breath or two left =).
>This is far from a complete explanation. But it fits the available facts, it
>fits the timetable of what happened, and it makes logical sense in relation
>to the recent history of the power grid.
I have to
32 matches