Re: [Full-Disclosure] Reverse http traffic

2003-12-30 Thread Lan Guy
Did you check the proxy settings? - Original Message - From: "Daniel H. Renner" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, December 30, 2003 12:23 AM Subject: [Full-Disclosure] Reverse http traffic > Hello, > > I had a case recently wherein one of a client's systems (W

[Full-Disclosure] Re: php-ping: Executing arbritary commands

2003-12-30 Thread ppp-design
Golden_Eternity wrote: >>If ($count > $max_count && !is_numeric($count)) > > Shouldn't that be '||' instead of '&&'? Yes, of course. Sorry, this typo should have been fixed before releasing the advisory. Thanks a lot for the hint, Jens Liebchen ppp-design -- ppp-design http://www.ppp-desi

[Full-Disclosure] [SECURITY] [DSA 405-1] New xsok packages fix local group games exploit

2003-12-30 Thread debian-security-announce
Debian Security Advisory DSA 405-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze December 30th, 2003

Re: [Full-Disclosure] malware

2003-12-30 Thread Dennis Freise
On Tue, 30 Dec 2003 02:25:06 +0100 Papp Geza <[EMAIL PROTECTED]> wrote: > Hi, > I love NAV not, and my machine not run Symantec program. Real Time and > on access functions not good. Could you please give some better reason than "not good" why the on-access scanner is bad? -- Dennis Freise <[EM

[Full-Disclosure] weird worm ?

2003-12-30 Thread vogt
Hi everyone - For days now, I've been receiving weird messages, with a few lines of apparently random, garbage text, like this: highest bailiff nomad father advise heir oxygen honorarium allegro reveal wronskian indentation coachmen deficient tribute arcturus mitigate bypath Anyone got a clu

Re: [Full-Disclosure] weird worm ?

2003-12-30 Thread Dennis Freise
On Tue, 30 Dec 2003 13:48:14 +0100 [EMAIL PROTECTED] wrote: > Hi everyone - > > For days now, I've been receiving weird messages, with a few lines of > apparently random, garbage text, like this: > > highest bailiff nomad father advise heir > oxygen honorarium allegro reveal wronskian indentati

RE: [Full-Disclosure] weird worm ?

2003-12-30 Thread Rapaill
Hi, Perhaps some spammers trying to test circumvention of anti-spam filter? Just filling mail with random words to test if this can pass some score-based filter like Bayesian filter? If those messages are accepted, they will try later with some advertising for a Miracle Pill to make some part o

Re: [Full-Disclosure] weird worm ?

2003-12-30 Thread José María Mateos
On Tuesday 30 December at 13:48, [EMAIL PROTECTED] wrote: >highest bailiff nomad father advise heir >oxygen honorarium allegro reveal wronskian indentation coachmen >deficient tribute arcturus mitigate bypath This is used habitually by spammers trying to fool bayesian spamfilt

Re: [Full-Disclosure] weird worm ?

2003-12-30 Thread Daniel
yes i remember seeing a couple of these emails in our postmaster boxes, spam-assassin picked them up.. from what i saw of the mails ( and this is my opinion only..) it seems as if they are banned-wordlists, you know the ones people would like to pick up. not sure exactly why they're floating roun

Re: [Full-Disclosure] weird worm ?

2003-12-30 Thread Nick FitzGerald
[EMAIL PROTECTED] wrote: > For days now, I've been receiving weird messages, with a few lines of > apparently random, garbage text, like this: > > highest bailiff nomad father advise heir > oxygen honorarium allegro reveal wronskian indentation coachmen > deficient tribute arcturus mitigate byp

Re: [Full-Disclosure] weird worm ?

2003-12-30 Thread Joris De Donder
> highest bailiff nomad father advise heir > oxygen honorarium allegro reveal wronskian indentation coachmen > deficient tribute arcturus mitigate bypath > > > Anyone got a clue what this is? There are no attachments to these mails, but > they keep coming in at a rate of about 1-2 per day, from di

Re: [Full-Disclosure] Reverse http traffic

2003-12-30 Thread Ron DuFresne
> > Can anyone tell me what actually could cause this? > most likely poor networking skills and improper network configuration. But, looks like a new list is needed, with the influx of "can anyone define my problem" messages being tossed to this list, which is *not* internet-help-line. Thanks,

[Full-Disclosure] Whois acting funny in FreeBSD

2003-12-30 Thread Chris McGinnis
Today I've noticed something weird on all my FreeBSD boxes. When I whois domains like msn.com, microsoft.com, aol.com and others I get stuff like: $ whois msn.com Whois Server Version 1.3 Domain names in the .com and .net domains can now be registered with many different competing registrars.

RE: [Full-Disclosure] weird worm ?

2003-12-30 Thread Discini, Sonny
Yes, I have seen similar e-mails and yes, this appears to be word list probes to see what will and will not pass through your filter. Once they compile a reasonable trigger list, they will omit those words from their SPAM messages. This also explains why the e-mail is coming from random sources.

Re: [Full-Disclosure] Whois acting funny in FreeBSD

2003-12-30 Thread Randal L. Schwartz
> "Chris" == Chris McGinnis <[EMAIL PROTECTED]> writes: Chris> Today I've noticed something weird on all my FreeBSD boxes. When I Chris> whois domains like msn.com, microsoft.com, aol.com and others I get Chris> stuff like: Chris> $ whois msn.com Chris> Whois Server Version 1.3 Chris> Doma

Re: [Full-Disclosure] weird worm ?

2003-12-30 Thread Kare Presttun
At 30.12.2003 15:25 +0100, Joris De Donder wrote: > >> highest bailiff nomad father advise heir >> oxygen honorarium allegro reveal wronskian indentation coachmen >> deficient tribute arcturus mitigate bypath >> >> >> Anyone got a clue what this is? There are no attachments to these mails, but >>

[Full-Disclosure] whois.crsnic.net hacked?

2003-12-30 Thread Brown, James (Jim)
Following up on earlier post. FreeBSD whois defaults to whois.crsnic.net It appears that whois.crsnic.net is owned: whois -h whois.crsnic.net microsoft.com Whois Server Version 1.3 Domain names in the .com and .net domains can now be registered with m

Re: [Full-Disclosure] Whois acting funny in FreeBSD

2003-12-30 Thread Rev. Kronovohr
this is a common occurrence...all one must do is register a nameserver with the "target" domain as the beginning of the subdomain. Do a WHOIS on microsoft.com and you'll see what I mean. Several companies are now doing this to their competition. On Tue, 2003-12-30 at 12:42, Chris McGinnis wrote: >

Re: [Full-Disclosure] whois.crsnic.net hacked?

2003-12-30 Thread Paul Farrow
have you never whois'd microsoft.com before? that's relatively normal - wonder what irc servers and shell hosts those are used on :) Regards, Paul - Original Message - From: Brown, James (Jim) To: '[EMAIL PROTECTED]' Sent: Tuesday,

[Full-Disclosure] Disabling Cached Logon Credentials

2003-12-30 Thread dwr3ck
Disabling cached logon credentials is on virtually every server hardening checklist. If you have your servers physically secured in a data center what is the real benefit of disabling cached logon credentials? Whenever a server is off the network, admins have to obtain the local admin password.

Re: [Full-Disclosure] weird worm ?

2003-12-30 Thread Tal Kelrich
On Tue, 30 Dec 2003 13:48:14 +0100 [EMAIL PROTECTED] wrote: > Hi everyone - > > For days now, I've been receiving weird messages, with a few lines of > apparently random, garbage text, like this: > > highest bailiff nomad father advise heir > oxygen honorarium allegro reveal wronskian indentati

Re: [Full-Disclosure] weird worm ?

2003-12-30 Thread roy
On Tuesday 30 December 2003 01:33 pm, Discini, Sonny wrote: > Yes, I have seen similar e-mails and yes, this appears to be word list > probes to see what will and will not pass through your filter. I don't think so. The examples I've seen here have been nothing but a string of nonsense words, w

RE: [Full-Disclosure] Whois acting funny in FreeBSD

2003-12-30 Thread Bassett, Mark
PS: obviously they are pointing wanting you to visit http://www.gulli.com/ which is some German (?) hack/crack/serial and news site. Mark Bassett Network Administrator World media company Omaha.com 402-898-2079 -Original Message- From: Chris McGinnis [mailto:[EMAIL PROTECTED] Sent: Tues

Re: [Full-Disclosure] Whois acting funny in FreeBSD

2003-12-30 Thread petard
On Tue, Dec 30, 2003 at 12:42:55PM -0600, Chris McGinnis wrote: > My linux boxes seem to work fine. When I query a specific whois server > such as whois.networksolutions.com it works fine also. Is anyone else > getting anything like this? I'm thinking maybe the default whois server > that the

RE: [Full-Disclosure] weird worm ?

2003-12-30 Thread Mikael Abrahamsson
The text/plain part only contains 3 lines of random words. The text/html part looks like this (for instance): Hi, Genierc and Super Viarga (Caiils) available online! Most trusted online source! Cilais or (Spuer Vagira) takes affect right away & lasts 24-36 hours! FOR SUEPR VAIR

RE: [Full-Disclosure] Whois acting funny in FreeBSD

2003-12-30 Thread Bassett, Mark
It's not just your boxes, check msn.com at www.betterwhois.com Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. MSN.COM.TW MSN.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM MSN.COM To single

RE: [Full-Disclosure] Whois acting funny in FreeBSD

2003-12-30 Thread Bassett, Mark
One more update ( sorry for the multiple postings.. So looks like whois.godaddy.com whois.gandi.net and whois.itsyourdomain.com are the offenders. Server Name: MSN.COM.TW Registrar: GO DADDY SOFTWARE, INC. Whois Server: whois.godaddy.com Referral URL: http://registrar.godaddy.com

RE: [Full-Disclosure] fwd: Join "IE Dream Team"

2003-12-30 Thread Anthony Aykut
Funny that your name is also included in the attached, Georgi ;-)! Anthony -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Georgi Guninski Sent: Tuesday, December 30, 2003 17:07 To: [EMAIL PROTECTED] Subject: [Full-Disclosure] fwd: Join "IE Dream Team" haha

Re: [Full-Disclosure] weird worm ?

2003-12-30 Thread Papp Geza
Hello On 30 December 2003, 13:48:14, you wrote: vhc> Hi everyone - vhc> For days now, I've been receiving weird messages, with a few lines of vhc> apparently random, garbage text, like this: vhc> http://www.nod32.com Nice spam this. In Hungary also I ge

Re[2]: [Full-Disclosure] malware

2003-12-30 Thread Papp Geza
Hello Freise On 30 December 2003, 12:33:33, you wrote: DF> On Tue, 30 Dec 2003 02:25:06 +0100 DF> Papp Geza <[EMAIL PROTECTED]> wrote: >> Hi, >> I love NAV not, and my machine not run Symantec program. Real Time and >> on access functions not good. DF> Could you please give some better reason than "n

[Full-Disclosure] RE: php-ping: Executing arbritary commands

2003-12-30 Thread Golden_Eternity
> Temporary-Fix > - > Replace > If ($count > $max_count) > with > If ($count > $max_count && !is_numeric($count)) Shouldn't that be '||' instead of '&&'? -G_E ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-dis

[Full-Disclosure] Look what's back for New Years

2003-12-30 Thread Gregory A. Gilliss
All, Looks like the bogus Microsoft updates are back - I don't have time to do diags on this (probably klez or something - anyone wants a copy email me off-list and I'll zip it to you). Headers etc below for your amusement. Happy New Year! G --- CUT HERE

Re: [Full-Disclosure] weird worm ?

2003-12-30 Thread Nick FitzGerald
[EMAIL PROTECTED] wrote: > On Tuesday 30 December 2003 01:33 pm, Discini, Sonny wrote: > > Yes, I have seen similar e-mails and yes, this appears to be word list > > probes to see what will and will not pass through your filter. > > I don't think so. The examples I've seen here have been nothin

RE: [Full-Disclosure] weird worm ?

2003-12-30 Thread Discini, Sonny
" don't think so. The examples I've seen here have been nothing but a string of nonsense words, with no link or web bug. A probe has to have some way of reporting success/failure, and I don't know many systems that bounce spam filter failures." Actually, by default, Symantec's SPAM filter wi

RE: [Full-Disclosure] Whois acting funny in FreeBSD

2003-12-30 Thread Harry Hoffman
Did you read Randal Schwartz's commentary on why this happens? Quoting "Bassett, Mark" <[EMAIL PROTECTED]>: *> One more update ( sorry for the multiple postings.. *> *> So looks like whois.godaddy.com whois.gandi.net and *> whois.itsyourdomain.com are the offenders. *> *> *> Server Name: MS

Re: [Full-Disclosure] whois.crsnic.net hacked?

2003-12-30 Thread Randal L. Schwartz
> "Brown," == Brown, James (Jim) <[EMAIL PROTECTED]> writes: Brown,> Following up on earlier post. FreeBSD whois defaults Brown,> to whois.crsnic.net Brown,> It appears that whois.crsnic.net is owned: No, please pay attention. Brown,> MICROSOFT.COM.WILL.LIVE.FOREVER.BECOUSE.UNIXSUCKS.COM

Re: [Full-Disclosure] whois.crsnic.net hacked?

2003-12-30 Thread John Sage
huh? On Tue, Dec 30, 2003 at 02:24:29PM -0500, Brown, James (Jim) wrote: > From: "Brown, James (Jim)" <[EMAIL PROTECTED]> > To: "'[EMAIL PROTECTED]'" ><[EMAIL PROTECTED]> > Subject: [Full-Disclosure] whois.crsnic.net hacked? > Date: Tue, 30 Dec 2003 14:24:29 -0500 > > Following up on ear

Re: [Full-Disclosure] Whois acting funny in FreeBSD

2003-12-30 Thread Randal L. Schwartz
> "Bassett," == Bassett, Mark <[EMAIL PROTECTED]> writes: Bassett,> One more update ( sorry for the multiple postings.. Bassett,> So looks like whois.godaddy.com whois.gandi.net and Bassett,> whois.itsyourdomain.com are the offenders. No, you can register such names with *any* registrar, ev

Re: [Full-Disclosure] whois.crsnic.net hacked?

2003-12-30 Thread Mike Tancsa
At 02:24 PM 30/12/2003, Brown, James (Jim) wrote: Following up on earlier post. FreeBSD whois defaults to whois.crsnic.net It appears that whois.crsnic.net is owned: As was explained in another thread, those are just registered name server hosts... e.g. create the host i.own.a.lollipop.thrupoin

Re: [Full-Disclosure] Whois acting funny in FreeBSD

2003-12-30 Thread Damian Gerow
Thus spake Bassett, Mark ([EMAIL PROTECTED]) [30/12/03 16:26]: > It's not just your boxes, check msn.com at www.betterwhois.com Quick everyone, the Internet's been hacked! Turn it off! Turn it off! This is normal and expected behaviour. You're not searching for /^microsoft.com$/, you're searchi

RE: [Full-Disclosure] fwd: Join "IE Dream Team"

2003-12-30 Thread Discini, Sonny
Looks like they are trying to attract a particular researcher.cough, coughyoucough,cough. :-) Sonny Discini Network Security Engineer Department of Technology Services Enterprise Infrastructure Division Montgomery County Government -Original Message- From: Georgi Guninski [ma

[Full-Disclosure] RE: Disabling Cached Logon Credentials

2003-12-30 Thread Nick Duda
Even with physical access you (a hacker) want to do what you have to, leave and still be undetected. If a hacker is going to get to a physical server only to change the admin password and do some hack (i.e. trojan), I would find it silly because when the admin finds out that it's not a password he

Re: [Full-Disclosure] Reverse http traffic

2003-12-30 Thread Daniel H. Renner
Hello Ron, If I appeared to be a newbie with a problem - I am not, nor am I an expert who might know what that type of traffic could be. There currently is no problem with this guy's LAN, nor with his Internet connection. The problem was handled with the installation of the firewall as I mention

Re: [Full-Disclosure] malware

2003-12-30 Thread Daniel H. Renner
Hello Dennis, I can give you two good reasons why not to use NAV: 1. We have seen in the field 7 cases in the last 3 months where updated NAV (both individual and corporate versions) found an infected file, stated what virus it was infected with, and left a message in the event log that it "succ

RE: [Full-Disclosure] Look what's back for New Years

2003-12-30 Thread Bojan Zdrnja
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Gregory A. Gilliss > Sent: Wednesday, 31 December 2003 10:05 a.m. > To: [EMAIL PROTECTED] > Subject: [Full-Disclosure] Look what's back for New Years > > All, > > Looks like the bogus Microsoft

Re: [Full-Disclosure] Look what's back for New Years

2003-12-30 Thread Nick FitzGerald
"Gregory A. Gilliss" <[EMAIL PROTECTED]> mindlessly contributed: > Looks like the bogus Microsoft updates are back - I don't have time to > do diags on this (probably klez or something - anyone wants a copy email > me off-list and I'll zip it to you). Headers etc below for your > amusement. The

Re[2]: [Full-Disclosure] malware

2003-12-30 Thread Papp Geza
Hello DF> Could you please give some better reason than "not good" why the on-access DF> scanner is bad ? On-access scanner conceded appliance little virus, this married my spirit, and full works programme if relatively big the resource's claim. Kind Regards Geza Regards, Geza Papp dr.

[Full-Disclosure] Local Denial Of Service Attack Against Apple MacOS X, MacOS X Server, and Darwin.

2003-12-30 Thread Matt Burnett
Advisory Name Local Denial Of Service Attack Against The SecurityServer Daemon In MacOS X, MacOS X Server, And Darwin. Release Date 12-30-03 Affected Platforms Apple MacOS X, MacOS X Server, and Darwin. Author Matt Burnett ([EMAIL PROTECTED]) Vendor Status No patch has been released as of 12-30

Re[2]: [Full-Disclosure] Look what's back for New Years

2003-12-30 Thread Papp Geza
Hello On 31 December 2003, 0:12:59, you wrote: >> me off-list and I'll zip it to you). Headers etc below for >> your amusement. BZ> Back??? BZ> They never stopped. It's Gibe-F. BZ> part000.txt - is OK BZ> http://www.nod32.com RPC-DCOM viruses is never stopped, other more new variant is. This mail r

[Full-Disclosure] FW: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page

2003-12-30 Thread tlarholm
-Original Message- From: Thor Larholm Sent: Tuesday, December 30, 2003 1:50 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page This applies to ALL versions of Internet Explorer on all systems, though

Re: [Full-Disclosure] Reverse http traffic

2003-12-30 Thread Daniel H. Renner
On Tue, 2003-12-30 at 13:22, Ron DuFresne wrote: > Dan, > > > comments inline > > On 30 Dec 2003, Daniel H. Renner wrote: > > > Hello Ron, > > > > If I appeared to be a newbie with a problem - I am not, nor am I an > > expert who might know what that type of traffic could be. > > > > There cur

[Full-Disclosure] Jefferson-Is this a known problem? Trojans?

2003-12-30 Thread Francis, Justin
I haven't heard of this message before, however, many messages such as these have header info generated ("brand spoofing"), which thus varies the sender/subject lines from message to message. The first thing I would do when my system boots back up is check Task Manager for currently running pro

[Full-Disclosure] RE: Reverse http traffic

2003-12-30 Thread Daniel H. Renner
Thank you for your reply James - I've put my answers below yours: On Tue, 2003-12-30 at 14:18, James C Slora Jr wrote: > Daniel H. Renner wrote Tuesday, December 30, 2003 15:33 > > > I had a case recently wherein one of a client's systems > > (Win2k) could not access http, or mail traffic. At t

Re: [Full-Disclosure] weird worm ?

2003-12-30 Thread Nancy Kramer
Hello, I have been getting these too. Just thought they were some weird attempt at spam, possibly trying to test what makes it past spam filters. I have seen some that had a graphic that opened that had the real message and naturally they can check delivery with an invisible graphic if the me