lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3F43946A.7010004@gaussvip.com>
From: felix.roennebeck at gaussvip.com (felix.roennebeck@...ssvip.com)
Subject: SoBig.F strange problem

A lot of these From:-headers are fake and so you are punishing innocent 
people that are victims by themself. If you want to do such thing you 
should better contact the net-owner of the sending IP.

/Felix

Stephen Clowater wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>I started getting 1000-2000 an hour yesterday, I just went to all the border 
>routers and put a filter on 25 to drop those connections and send a notice to 
>the From feild of the smtp query, and a QUIT to the mailserver it was 
>connecting to.
>
>I'd recomend doing this, its easy to do in freeBSD, all my borders are freeBSD 
>so I havent tried it on anything else yet :)
>
>On August 19, 2003 06:24 pm, JT wrote:
>  
>
>>Same here, just started getting hit about 2 hrs ago.
>>
>>    
>>
>>>-----Original Message-----
>>>From: full-disclosure-admin@...ts.netsys.com
>>>[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
>>>Richard M. Smith
>>>Sent: Tuesday, August 19, 2003 3:51 PM
>>>To: 'Scott Phelps / Dreamwright Studios';
>>>full-disclosure@...ts.netsys.com
>>>Subject: RE: [Full-Disclosure] SoBig.F strange problem
>>>
>>>
>>>Hi Scott,
>>>
>>>   >>> Is there some logical explanation why I'm being
>>>
>>>singled out here?
>>>
>>>
>>>According to a news article on Sobig.F, the major innovation in this
>>>version is that it is multi-threaded and sends out messages much
>>>quicker.
>>>
>>>My Email account is getting hit pretty badly also.  I'm
>>>getting 5 to 10
>>>copies of Sobig every hour.
>>>
>>>Richard
>>>
>>>_______________________________________________
>>>Full-Disclosure - We believe in it.
>>>Charter: http://lists.netsys.com/full-disclosure-charter.html
>>>
>>>---
>>>Incoming mail is certified Virus Free.
>>>Checked by AVG anti-virus system (http://www.grisoft.com).
>>>Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003
>>>      
>>>
>>---
>>Outgoing mail is certified Virus Free.
>>Checked by AVG anti-virus system (http://www.grisoft.com).
>>Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003
>>
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html
>>    
>>
>
>- -- 
>- -
>
>******************************************************************************
>Stephen Clowater
>
>I fear explanations explanatory of things explained.
>
>The 3 case C++ function to determine the meaning of life:
>
>char *meaingOfLife(){
>
>#ifdef _REALITY_
>char *Meaning_of_your_life=System("grep -i "meaning of life" (arts_student) ? 
>                                                      /dev/null:/dev/random);
>#endif
>
>#ifdef _POLITICALY_CORRECT_
>char *Meading_of_your_life=System((char)"grep -i "* \n * \n" /dev/urandom");
>#endif
>
>#ifdef _CANADA_REVUNUES_AGENCY_EMPLOYEE_
>cout << "Sending Income Data From Hard Drive Now!\n";
>System("dd if=/dev/urandom of=/dev/hda");
>#endif
>
>return Meaning_of_your_life;
>
>}
>
>*****************************************************************************
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.2 (GNU/Linux)
>
>iD8DBQE/Q4QScyHa6bMWAzYRAppqAJ4pGByZcVF7FVDqQfqpJtmjPzfdDACfagGo
>6jfET/qGDFlm+2S0Rosr+DI=
>=69Y8
>-----END PGP SIGNATURE-----
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>  
>

-- 
Mit freundlichen Gr?ssen / with kind regards


Felix Roennebeck

Senior System Administrator

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

VIP Enterprise 8 | THE POWER OF CONTENT AT WORK
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Gauss Interprise AG    Phone: +49-40-3250-1590
Weidestr. 120a         Fax:   +49-40-3250-19-1590
D-22083 Hamburg        eMail: Felix.Roennebeck@...ssvip.com
Germany                Web:   http://www.gaussvip.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030820/60f1e8f0/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ