Re: The Internet's Immune System

2003-11-12 Thread Johannes Ullrich
bradsby -- -- Johannes Ullrich [EMAIL PROTECTED] pgp key: http://johannes.homepc.org/PGPKEYS -- We regret to inform you that we do not enable any

Re: What do you want your ISP to block today?

2003-09-03 Thread Johannes Ullrich
lists like these are not average home users. Most of us here have seen a DOS prompt at some point and know about Service Packs and Hotfixes. -- -- Johannes Ullrich [EMAIL PROTECTED] pgp key: http://johannes.homepc.org

Re: What do you want your ISP to block today?

2003-09-03 Thread Johannes Ullrich
some basic protection now, or a few businesses? -- -- Johannes Ullrich [EMAIL PROTECTED] pgp key: http://johannes.homepc.org/PGPKEYS -- We regret

RE: What do you want your ISP to block today?

2003-09-03 Thread Johannes Ullrich
your 'abuse' team out for lunch on the change you save by blocking the ports ;-) -- -- Johannes Ullrich [EMAIL PROTECTED] pgp key: http://johannes.homepc.org/PGPKEYS

Re: What do you want your ISP to block today?

2003-09-03 Thread Johannes Ullrich
. There are 10 kinds of people in the world. Those who understand binary and those that don't. ISPs should either block the mentioned ports, or send out bills in binary. -- -- Johannes Ullrich [EMAIL PROTECTED] pgp

Re: What do you want your ISP to block today?

2003-09-03 Thread Johannes Ullrich
files unencrypted using MSFT file sharing. If I can manage to inject the necessary traffic between all the Nachia Pings and Blaster scans. -- -- Johannes Ullrich [EMAIL PROTECTED] pgp key: http://johannes.homepc.org

Re: What do you want your ISP to block today?

2003-09-03 Thread Johannes Ullrich
' and 'Setting up a VCR clock'. Let's face it: Some things are better left to the experts. -- -- Johannes Ullrich [EMAIL PROTECTED] pgp key: http://johannes.homepc.org/PGPKEYS

Re: What do you want your ISP to block today?

2003-09-03 Thread Johannes Ullrich
MSFT Windows. So I don't think you have a choice other than to live with it. -- -- Johannes Ullrich [EMAIL PROTECTED] pgp key: http://johannes.homepc.org/PGPKEYS

Re: What do you want your ISP to block today?

2003-09-03 Thread Johannes Ullrich
can't remember where you parked your car. -- -- Johannes Ullrich [EMAIL PROTECTED] pgp key: http://johannes.homepc.org/PGPKEYS -- We regret to inform

Re: What do you want your ISP to block today?

2003-09-03 Thread Johannes Ullrich
. -- -- Johannes Ullrich [EMAIL PROTECTED] pgp key: http://johannes.homepc.org/PGPKEYS -- We regret to inform you that we do not enable any of the security functions within the routers

Re: dcom worm released

2003-08-07 Thread Johannes Ullrich
to be true.. I haven't seen any code yet but-- http://lists.netsys.com/pipermail/full-disclosure/2003-August/007717.html -- -- Johannes Ullrich [EMAIL PROTECTED] pgp key: http://johannes.homepc.org/PGPKEYS

Re: Abuse.cc ???

2003-04-03 Thread Johannes Ullrich
On Thu, 3 Apr 2003 10:05:55 -0500 McBurnett, Jim [EMAIL PROTECTED] wrote: I just made a number of abuse complaints to a provider and then after contacting the abuse #. I got told that they don't use abuse@ anymore. that abuse.cc is the new email address. Correct me if I am wrong,

Re: Syn Flood

2003-03-25 Thread Johannes Ullrich
I would look for something like an IRC bot. Zonealarm may not catch it if it is on there for a while and some user 'permitted' it at some point. Usually, these bots have names to sound like system binaries. Anti virus software may not catch the agent. Do you have any full packet captures from

Re: OT: Notebooks /w a serial port?

2003-03-21 Thread Johannes Ullrich
My (1 year old) Dell Inspiron 8100 has a serial port. And I believe the later Inspiron models still have them. On Fri, 21 Mar 2003 16:36:46 -0500 Dave Israel [EMAIL PROTECTED] wrote: Seems like these are all but extinct, but does anyone know of a 'new' notebook that has a serial

Re: Port 445 issues (was: Port 80 Issues)

2003-03-09 Thread Johannes Ullrich
Are other people having problems with this right now? There doesn't seem to be very much traffic or information about this on any of the security lists (it is Sunday...). The last posted URL points to an impending storm... Other operators' opinions about blocking port 445 before this

Re: Homeland Security Alert System

2003-02-22 Thread Johannes Ullrich
ISPs and other communication providers should be prepared to share information directly and quickly with each other. If you wait to hear from government officials to decide what sanitized information to share, it will be hours later. If ever. If anybody is interested here, I did put

Re: [Re: [Re: M$SQL cleanup incentives]]

2003-02-21 Thread Johannes Ullrich
On the other hand, Timeline's case is YEARS old and they are going after treble damages from companies who just took Microsoft's word that there was nothing to worry about. Some people should be VERY nervous, indeed. That's the part that worries me greatly. This general idea may apply to a

Re: scripts to map IP to AS?

2003-02-20 Thread Johannes Ullrich
There are still 10K-20K hosts spewing M$SQL slammer/sapphire packets, and I'd like to start blocking routing to those irresponsible AS's that haven't blocked their miscreant customers. It's too early for such harsh measures. Unless you can live without most major consumer ISPs. I don't

Re: scripts to map IP to AS?

2003-02-20 Thread Johannes Ullrich
Then you'd better reach over to all of your upstream routers and just pull the plug, since you are likely to see Sapphire packets from here on in, on a regular basis. Better is to do the whois lookup and send pre-formatted e-mail about the infected server as people did after Code-Red.

Re: Tracing where it started

2003-01-26 Thread Johannes Ullrich
+-+ | 216.069.032.086 | Kentucky Community and Technical College System | 066.223.041.231 | Interland | 216.066.011.120 | Hurricane Electric | 216.098.178.081 | V-Span, Inc. +-+ HE.net seems to be a recurring theme. (I speak to evil of them --

Re: 1434 traffic

2003-01-25 Thread Johannes Ullrich
What I'm seeing from on my personal network connections is a lot of traffic to udp port 1434 start at 05:30:08 UTC. I did some graphing of reports we got to DShield/ISC up to 9am EST. http://isc.sans.org/port1434start.gif The part that amazes me is the speed. It saturated within 1 minute!

Re: Tracing where it started

2003-01-25 Thread Johannes Ullrich
Here are the IPs I got at 5:29:40 GMT, the time I got 10 packets / second +-+ | source | +-+ | 216.069.032.086 | Kentucky Community and Technical College System | 066.223.041.231 | Interland | 216.066.011.120 | Hurricane Electric | 216.098.178.081 |

Re: FW: Re: Is there a line of defense against Distributed Reflective attacks?

2003-01-19 Thread Johannes Ullrich
*shrug* just seems like it would make more sense to block all incoming 'syn' packets. Wouldn't that be faster than inspecting the destination port against two separate rules? blocking all SYN's will break too much other stuff (Instant Messengers, games ...). I think we would be much better

Re: Scaled Back Cybersecuruty

2003-01-14 Thread Johannes Ullrich
i've had absolutely no luck getting the source isp's to care about the problems i've seen at my home firewall in recent weeks. (see below if you wonder whether i'm implicating anyone here.) there's no other way to view the internet than as a worm-infested zombie. hehe... I know the

Re: Arin Smack down?

2002-11-21 Thread Johannes Ullrich
Perhaps something I've missed, but is ARIN.Net no longer handling lookups? I usually use them to find offending users but got this when doing a lookup. No match for 64.124.168.60 I did have the same problem yesterday (Wednesday). Looks like it is working today. Maybe some leftover bug from

Re: Even the New York Times withholds the address

2002-11-19 Thread Johannes Ullrich
http://www.nytimes.com/2002/11/19/nyregion/19FUEL.html ... While almost everyone on this list knows which building is the subject of the article, we can discuss the issue without discussing the particular building. On-site fuel storage is one of those double-edge swords. The article is

Re: Even the New York Times withholds the address

2002-11-19 Thread Johannes Ullrich
Even if you assume 100% efficiency, the tank is still going to be, um, rather largish. That's what happens if you forget a ';-)' ... ;-) -- [EMAIL PROTECTED] Collaborative Intrusion Detection

Re: Attacker Data / Wall of Shame

2002-11-05 Thread Johannes Ullrich
On Tue, 5 Nov 2002 14:25:59 -1000 Michael Painter [EMAIL PROTECTED] wrote: - Original Message - From: Daniel Senie [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 05, 2002 1:51 PM Subject: Attacker Data / Wall of Shame We have had enough regular attacks on

Re: Standalone Stratum 1 NTP Server

2002-08-28 Thread Johannes Ullrich
BTW: A rather complete list of NTP products: http://www.eecis.udel.edu/~ntp/hardware.html Some low price products from random browsing through the list $ 1,400 http://www.zyfer.com/products/prod_index.html $ 380 http://www.gpsclock.com/specs.html (looks like serial output only..) --

Re: Dave Farber comments on Re: Major Labels v. Backbones

2002-08-17 Thread Johannes Ullrich
The record labels don't want to give you that choice. If you read the complaint you'll notice the record companies never attempted to contact the immediate upstream ISP in China. ... rant opinion=mine Well, maybe the record industry doesn't want to interfere with the 'anti-copy'

Re: Dshield.org

2002-07-28 Thread Johannes Ullrich
I do not recommend adding every IP listed at DShield to your filter /understatement. I took a short while to peruse the data collected and distributed by DShield. I don't believe I need to go into the many reasons (I'm sure you know yourself) why this information is completely

Re: Requirement to store email for 90 days.

2002-07-22 Thread Johannes Ullrich
From the same URL: The bill encourages ISPs to report suspicious activity on their networks (whatever that might be), even if it poses no immediate threat, and shield them from lawsuits from anyone so just forward the spam to the authorities... after all, it is suspicious. Maybe some Al

Re: Arbor Networks DoS defense product

2002-05-17 Thread Johannes Ullrich
Unfortunately, things like TCP ECN and ICMP 'Frag Needed' are often considered funny packets. I know ECN etc have been used to evade firewalls but afaik have not been known in and of themselves to compromise or crash hosts or make them do any funny things besides dropping the packets