Message-ID: <20050417141927.995A7203@lists.grok.org.uk>
Date: Sun Apr 17 15:19:33 2005
From: randallm at fidmail.com (Randall M)
Subject: Question about spam in Packet Captures

I have used Ethereal only in-house on our domain. At home I thought I would
test some software firewalls for the mobile users. I ran Ethereal also. Set
the computer in the DMZ. Came back in this morning and looked over the logs
from Ethereal. I found these NetrSendMessage requests that I am not
familiar with. Here is a short one:
___________________________________________
0000   00 07 e9 5c 5c ac 00 50 bf 94 a3 2e 08 00 45 00  ...\\..P......E.
0010   01 67 00 00 40 00 2e 11 51 5c 3d ac f9 c8 c0 a8  .g..@...Q\=.....
0020   02 0d 81 11 04 02 01 53 f7 63 04 00 28 00 10 00  .......S.c..(...
0030   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0040   00 00 f8 91 7b 5a 00 ff d0 11 a9 b2 00 c0 4f b6  ....{Z........O.
0050   e6 fc e7 49 af 5a ea d0 45 03 b9 da ad 75 2e 3e  ...I.Z..E....u.>
0060   c1 8a 00 00 00 00 01 00 00 00 00 00 00 00 00 00  ................
0070   ff ff ff ff fb 00 00 00 00 00 10 00 00 00 00 00  ................
0080   00 00 10 00 00 00 53 59 53 54 45 4d 00 00 00 00  ......SYSTEM....
0090   00 00 00 00 00 00 10 00 00 00 00 00 00 00 10 00  ................
00a0   00 00 41 4c 45 52 54 00 00 00 00 00 00 00 00 00  ..ALERT.........
00b0   00 00 b7 00 00 00 00 00 00 00 b7 00 00 00 4d 69  ..............Mi
00c0   63 72 6f 73 6f 66 74 20 57 69 6e 64 6f 77 73 20  crosoft Windows 
00d0   68 61 73 20 65 6e 63 6f 75 6e 74 65 64 20 61 6e  has encounted an
00e0   20 49 6e 74 65 72 6e 61 6c 20 45 72 72 6f 72 0a   Internal Error.
00f0   59 6f 75 72 20 77 69 6e 64 6f 77 73 20 72 65 67  Your windows reg
0100   69 73 74 72 79 20 69 73 20 63 6f 72 72 75 70 74  istry is corrupt
0110   65 64 2e 0a 4d 69 63 72 6f 73 6f 66 74 20 72 65  ed..Microsoft re
0120   63 6f 6d 6d 65 6e 64 73 20 61 20 63 6f 6d 70 6c  commends a compl
0130   65 74 65 20 73 79 73 74 65 6d 20 73 63 61 6e 2e  ete system scan.
0140   0a 56 69 73 69 74 20 74 68 69 73 20 77 65 62 73  .Visit this webs
0150   69 74 65 20 74 6f 20 72 65 70 61 69 72 2e 0a 0a  ite to repair...
0160   68 74 74 70 3a 2f 2f 65 2d 72 65 67 66 69 78 2e  http://e-regfix.
0170   63 6f 6d 0a 00                                   com..
___________________________________________

Has spamming been going on like this always? Another message stated
that "Buffer Overflow causes computer shutdowns" and then proceeded to
point me to a "www.upgradenow.org" to protect from this. I just never
noticed this before and thought "Great! Spam is everywhere!"

The advertisers were:
E-REGFIX.COM
ERRORFIXER.COM
UPGRADENOW.ORG



thank you
Randall M

"If we ever forget that we're one nation under God, then we will be a nation
gone under." 
- Ronald Reagan
_________________________________
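
Added example, not part of the original post: a Python sketch that decodes the frame quoted above as a connectionless DCE/RPC request to the Windows Messenger service over UDP and pulls out the pop-up strings, which is the kind of check a capture filter or IDS rule would make. The function names and the labels `sender`, `recipient` and `text` are chosen here; it assumes Ethernet/IPv4 framing and little-endian data representation, as in the capture.

```python
import struct
import uuid

# Frame from the post above: headers transcribed as hex, message text as bytes.
FRAME = bytes.fromhex(
    "0007e95c5cac0050bf94a32e08004500" "0167000040002e11515c3dacf9c8c0a8"
    "020d811104020153f763040028001000" "00000000000000000000000000000000"
    "0000f8917b5a00ffd011a9b200c04fb6" "e6fce749af5aead04503b9daad752e3e"
    "c18a0000000001000000000000000000" "fffffffffb0000000000100000000000"
    "00001000000053595354454d00000000" "00000000000010000000000000001000"
    "0000414c455254000000000000000000" "0000b700000000000000b7000000"
) + (b"Microsoft Windows has encounted an Internal Error\n"
     b"Your windows registry is corrupted.\n"
     b"Microsoft recommends a complete system scan.\n"
     b"Visit this website to repair.\n\nhttp://e-regfix.com\n\x00")

# Interface UUID of the Windows Messenger service; opnum 0 is NetrSendMessage.
MESSENGER_IF = uuid.UUID("5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc")

def ndr_strings(body, count):
    """Read `count` NDR strings: max_count, offset, actual_count, then the bytes."""
    out, pos = [], 0
    for _ in range(count):
        _max, _off, actual = struct.unpack_from("<III", body, pos)
        pos += 12
        if pos + actual > len(body):
            raise ValueError("string runs past end of RPC body")
        out.append(body[pos:pos + actual].split(b"\0")[0].decode("ascii", "replace"))
        pos += (actual + 3) & ~3          # next string starts 4-byte aligned
    return out

def parse_messenger_popup(frame):
    """Return a dict for a connectionless NetrSendMessage request, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                        # not IPv4/UDP
    udp = 14 + (frame[14] & 0x0F) * 4      # UDP header follows the IP header
    rpc = frame[udp + 8:]
    if len(rpc) < 80 or rpc[0] != 4 or rpc[1] != 0 or not rpc[4] & 0x10:
        return None                        # want DCE/RPC v4 request, little-endian
    opnum, _ihint, _ahint, body_len = struct.unpack_from("<HHHH", rpc, 68)
    if uuid.UUID(bytes_le=rpc[24:40]) != MESSENGER_IF or opnum != 0:
        return None
    try:
        sender, recipient, text = ndr_strings(rpc[80:80 + body_len], 3)
    except (ValueError, struct.error):
        return None                        # malformed or truncated body
    return {"src": ".".join(map(str, frame[26:30])),
            "dport": struct.unpack_from("!H", frame, udp + 2)[0],
            "sender": sender, "recipient": recipient, "text": text}
```

Calling `parse_messenger_popup(FRAME)` returns the source address, the UDP destination port and the three strings; frames that are not Messenger requests return `None`.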

 
