[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4559d68e.283165f2.5f47.ffff8eb6@mx.google.com>
Date: Tue, 14 Nov 2006 09:45:33 -0500
From: "ragdelaed" <ragdelaed@...il.com>
To: "'David Swafford'" <dswafford@...erhighschool.org>,
<full-disclosure@...ts.grok.org.uk>,
"'William Stanley'" <vegacash@...oo.com>
Subject: Re: Austin Decking 512-385-5334 Austindecking
wholesale
>>From the original header:
Received: from [194.24.158.16] by web58409.mail.re3.yahoo.com via HTTP;
Tue, 14 Nov 2006 00:46:24 PST
Date: Tue, 14 Nov 2006 00:46:24 -0800 (PST)
From: William Stanley <vegacash@...oo.com>
To: full-disclosure@...ts.grok.org.uk
194.24.158.16 is not lumbermax.com, its a box in Austria.
If I was a spammer, it would be easy to sub a known blacklisted spammer to
try and hide my point of origin.
"William Stanley" is the real spammer and he used a box in Austria or
"William Stanley" has nothing to do with this and someone else used a box in
Austria.
Always look for the source. Since the 194.24.158.16 address is recorded in
the header by the webmail yahoo box, I would probably say the 194.24.158.16
address is not forged. That is the originating address of this email.
Dont believe anything else below it unless you actually sent it. It can be
forged.
And did you scan lumbermax.org from inside archbishop alter high school? If
so, be very careful about doing that. The high school administration may not
appreciate you scanning a legit company from inside their domain. And dont
explore any of the open ports from inside the high school.
But then again, you are listed as the high schools network engineer, so I
guess you would be the point of contact if lumbermax.com has an issue,
correct?
________________________________________
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of David
Swafford
Sent: Tuesday, November 14, 2006 9:07 AM
To: full-disclosure@...ts.grok.org.uk; William Stanley
Subject: Re: [Full-disclosure] Austin Decking 512-385-5334 Austindecking
wholesale
Golden.......
NMAP shows the following (lumbermax.com):
21/TCP - OPEN - FTP
22/TCP - OPEN - SSH
25/TCP - OPEN - SMTP
53/TCP - OPEN - DOMAIN
80/TCP - OPEN - HTTP
110/TCP - OPEN - POP3
111/TCP - OPEN - RPCBIND
135/TCP - FILTERED - MSRPC
137/TCP - FILTERED - NETBIOS-NS
138/TCP - FILTERED - NETBIOS-DGM
139/TCP - FILTERED - NETBIOS-SSN
143/TCP - OPEN - IMAP
443/TCP - OPEN - HTTPS
445/TCP - FILTERED - MICROSOFT-DS
593/TCP - FILTERED - HTTP-RPC-EPMAP
631/TCP - OPEN - IPP
3306/TCP - OPEN - MYSQL
- Running Apache 2.052 (so there's some exploitable flaws here as current
ver is 2.059). Its running on a CENTOS box and the apache error says the
domain is LYFE-CARD.com
- The SMTP services are Sendmail 8.13.1
____________________________________________________
David A. Swafford, Network Engineer
Information Technology Team
Archbishop Alter High School
EC-Council Certified Ethical Hacker
A Cisco Systems, Inc., Certified Network Associate (CCNA)
and a CompTIA Network+ and Security+ Certified Professional
<snip>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists