Date: Sun Apr 17 16:31:07 2005
From: shadow333 at gmail.com (Oliver Leitner)
Subject: [infosec-discuss] Question about spam in Packet Captures

Randall M wrote:

>I have used ethereal only in-house on our domain. At home I thought I would
>test some software firewalls for the mobile users. I ran ethereal also. Set
>the computer in the DMz. Came back in this morning and looked over the logs
>from ethereal. I found these NetrSendMessage request that I am not
>familiar with. Here is a short one:
>___________________________________________
>0000   00 07 e9 5c 5c ac 00 50 bf 94 a3 2e 08 00 45 00  ...\\..P......E.
>0010   01 67 00 00 40 00 2e 11 51 5c 3d ac f9 c8 c0 a8  .g..@...Q\=.....
>0020   02 0d 81 11 04 02 01 53 f7 63 04 00 28 00 10 00  .......S.c..(...
>0030   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
>0040   00 00 f8 91 7b 5a 00 ff d0 11 a9 b2 00 c0 4f b6  ....{Z........O.
>0050   e6 fc e7 49 af 5a ea d0 45 03 b9 da ad 75 2e 3e  ...I.Z..E....u.>
>0060   c1 8a 00 00 00 00 01 00 00 00 00 00 00 00 00 00  ................
>0070   ff ff ff ff fb 00 00 00 00 00 10 00 00 00 00 00  ................
>0080   00 00 10 00 00 00 53 59 53 54 45 4d 00 00 00 00  ......SYSTEM....
>0090   00 00 00 00 00 00 10 00 00 00 00 00 00 00 10 00  ................
>00a0   00 00 41 4c 45 52 54 00 00 00 00 00 00 00 00 00  ..ALERT.........
>00b0   00 00 b7 00 00 00 00 00 00 00 b7 00 00 00 4d 69  ..............Mi
>00c0   63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20  crosoft Windows 
>00d0   68 61 73 20 65 6e 63 6f 75 6e 74 65 64 20 61 6e  has encounted an
>00e0   20 49 6e 74 65 72 6e 61 6c 20 45 72 72 6f 72 0a   Internal Error.
>00f0   59 6f 75 72 20 77 69 6e 64 6f 77 73 20 72 65 67  Your windows reg
>0100   69 73 74 72 79 20 69 73 20 63 6f 72 72 75 70 74  istry is corrupt
>0110   65 64 2e 0a 4d 69 63 72 6f 73 6f 66 74 20 72 65  ed..Microsoft re
>0120   63 6f 6d 6d 65 6e 64 73 20 61 20 63 6f 6d 70 6c  commends a compl
>0130   65 74 65 20 73 79 73 74 65 6d 20 73 63 61 6e 2e  ete system scan.
>0140   0a 56 69 73 69 74 20 74 68 69 73 20 77 65 62 73  .Visit this webs
>0150   69 74 65 20 74 6f 20 72 65 70 61 69 72 2e 0a 0a  ite to repair...
>0160   68 74 74 70 3a 2f 2f 65 2d 72 65 67 66 69 78 2e  http://e-regfix.
>0170   63 6f 6d 0a 00                                   com..
>----------------------------------------------------------------------------------------
>
Looks like a net send to me. Does this computer have the net send
(messaging service) switched on?
If so, then that's an old trick...

>Has spamming been going on like this always? Another message stated
>that "Buffer Overflow causes computer shutdowns" and then proceeded to
>point me to a "www.upgradenow.org" to protect from this. I just never
>noticed this before and thought "Great! Spam is everywhere!"
>
>The advertisers were:
>E-REGFIX.COM
>ERRORFIXER.COM
>UPGRADENOW.ORG
>
>thank you
>Randall M
>
>"If we ever forget that we're one nation under God, then we will be a nation
>gone under." 
>- Ronald Reagan
>_________________________________
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
Greetings
Oliver Leitner
Technical Staff
http://www.shells.at
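The capture Randall posted is a connectionless DCE/RPC request to the Messenger service, which is what "net send" and this kind of pop-up spam both use. The following Python is an added example, not code from either poster: it rebuilds the frame from the quoted hex dump, walks Ethernet, IPv4, UDP and the 80-byte DCE/RPC version 4 header, and decodes the three NetrSendMessage arguments (sender, recipient, message text). It assumes that the interface UUID 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc (visible little-endian at offset 0x42 of the dump) is the msgsvc interface and that opnum 0 is NetrSendMessage, which is how Ethereal labelled the packet.

```python
"""Decode a Messenger-service ("net send") datagram from an Ethereal hex dump.
Added example, not the original poster's code. Assumption: the DCE/RPC
interface UUID below is msgsvc and opnum 0 is NetrSendMessage."""
import re
import struct
import uuid

# Hex dump exactly as quoted in the post (Ethernet frame captured by Ethereal).
CAPTURE_HEX = r"""
0000   00 07 e9 5c 5c ac 00 50 bf 94 a3 2e 08 00 45 00  ...\\..P......E.
0010   01 67 00 00 40 00 2e 11 51 5c 3d ac f9 c8 c0 a8  .g..@...Q\=.....
0020   02 0d 81 11 04 02 01 53 f7 63 04 00 28 00 10 00  .......S.c..(...
0030   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0040   00 00 f8 91 7b 5a 00 ff d0 11 a9 b2 00 c0 4f b6  ....{Z........O.
0050   e6 fc e7 49 af 5a ea d0 45 03 b9 da ad 75 2e 3e  ...I.Z..E....u.>
0060   c1 8a 00 00 00 00 01 00 00 00 00 00 00 00 00 00  ................
0070   ff ff ff ff fb 00 00 00 00 00 10 00 00 00 00 00  ................
0080   00 00 10 00 00 00 53 59 53 54 45 4d 00 00 00 00  ......SYSTEM....
0090   00 00 00 00 00 00 10 00 00 00 00 00 00 00 10 00  ................
00a0   00 00 41 4c 45 52 54 00 00 00 00 00 00 00 00 00  ..ALERT.........
00b0   00 00 b7 00 00 00 00 00 00 00 b7 00 00 00 4d 69  ..............Mi
00c0   63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20  crosoft Windows
00d0   68 61 73 20 65 6e 63 6f 75 6e 74 65 64 20 61 6e  has encounted an
00e0   20 49 6e 74 65 72 6e 61 6c 20 45 72 72 6f 72 0a   Internal Error.
00f0   59 6f 75 72 20 77 69 6e 64 6f 77 73 20 72 65 67  Your windows reg
0100   69 73 74 72 79 20 69 73 20 63 6f 72 72 75 70 74  istry is corrupt
0110   65 64 2e 0a 4d 69 63 72 6f 73 6f 66 74 20 72 65  ed..Microsoft re
0120   63 6f 6d 6d 65 6e 64 73 20 61 20 63 6f 6d 70 6c  commends a compl
0130   65 74 65 20 73 79 73 74 65 6d 20 73 63 61 6e 2e  ete system scan.
0140   0a 56 69 73 69 74 20 74 68 69 73 20 77 65 62 73  .Visit this webs
0150   69 74 65 20 74 6f 20 72 65 70 61 69 72 2e 0a 0a  ite to repair...
0160   68 74 74 70 3a 2f 2f 65 2d 72 65 67 66 69 78 2e  http://e-regfix.
0170   63 6f 6d 0a 00                                   com..
"""

# Messenger service (msgsvc) DCE/RPC interface; opnum 0 is NetrSendMessage (assumed).
MSGSVC_IFACE = uuid.UUID("5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc")
NETR_SEND_MESSAGE = 0

# Offset, then hex pairs separated by single spaces; the ASCII column follows two spaces.
HEX_LINE = re.compile(r"^[0-9a-fA-F]{4}\s+((?:[0-9a-fA-F]{2} ){0,15}[0-9a-fA-F]{2})")


def parse_hexdump(text):
    """Rebuild the raw frame from an Ethereal/Wireshark hex dump, ignoring the ASCII column."""
    out = bytearray()
    for line in text.strip().splitlines():
        m = HEX_LINE.match(line)
        if m:
            out += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(out)


def read_ndr_string(stub, pos, endian):
    """Read one NDR conformant-varying char array: max count, offset, actual
    count, then the bytes. Returns (text, position of the next 4-aligned field)."""
    _max_count, offset, actual = struct.unpack_from(endian + "III", stub, pos)
    pos += 12 + offset
    raw = stub[pos:pos + actual]
    pos = (pos + actual + 3) & ~3
    return raw.split(b"\0", 1)[0].decode("latin-1"), pos


def decode_net_send(frame):
    """Walk Ethernet -> IPv4 -> UDP -> connectionless DCE/RPC; return the
    NetrSendMessage fields if that is what the datagram carries, else None."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                                   # not IPv4
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 17:
        return None                                   # not UDP
    udp = ip[ihl:]
    _sport, dport, ulen = struct.unpack("!HHH", udp[:6])
    rpc = udp[8:ulen]
    # Connectionless (version 4) DCE/RPC header is 80 bytes; ptype 0 is a request.
    if len(rpc) < 80 or rpc[0] != 4 or rpc[1] != 0:
        return None
    little_endian = (rpc[4] >> 4) == 1               # data representation byte
    endian = "<" if little_endian else ">"
    if_id = uuid.UUID(bytes_le=rpc[24:40]) if little_endian else uuid.UUID(bytes=rpc[24:40])
    opnum = struct.unpack_from(endian + "H", rpc, 68)[0]
    frag_len = struct.unpack_from(endian + "H", rpc, 74)[0]
    if if_id != MSGSVC_IFACE or opnum != NETR_SEND_MESSAGE:
        return None
    stub = rpc[80:80 + frag_len]
    sender, pos = read_ndr_string(stub, 0, endian)
    recipient, pos = read_ndr_string(stub, pos, endian)
    text, _ = read_ndr_string(stub, pos, endian)
    return {
        "src": ".".join(map(str, ip[12:16])),
        "dst": ".".join(map(str, ip[16:20])),
        "dport": dport,
        "from": sender,
        "to": recipient,
        "text": text,
    }


if __name__ == "__main__":
    for key, value in decode_net_send(parse_hexdump(CAPTURE_HEX)).items():
        print(f"{key}: {value!r}")
```

Run as-is, the decoder reports a request from a public address to 192.168.2.13 on UDP port 1026, with sender "SYSTEM", recipient "ALERT" and the pop-up text ending in the advertised URL. Those are the properties a defender keys on: the Messenger interface UUID and opnum in a capture filter or IDS rule, and the inbound UDP port at the border firewall, in addition to switching the Messenger service off on the host as Oliver suggests.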
