lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4559d68e.283165f2.5f47.ffff8eb6@mx.google.com>
Date: Tue, 14 Nov 2006 09:45:33 -0500
From: "ragdelaed" <ragdelaed@...il.com>
To: "'David Swafford'" <dswafford@...erhighschool.org>,
	<full-disclosure@...ts.grok.org.uk>,
	"'William Stanley'" <vegacash@...oo.com>
Subject: Re: Austin Decking 512-385-5334 Austindecking
	wholesale

>>From the original header:
Received: from [194.24.158.16] by web58409.mail.re3.yahoo.com via HTTP;
	Tue, 14 Nov 2006 00:46:24 PST
Date: Tue, 14 Nov 2006 00:46:24 -0800 (PST)
From: William Stanley <vegacash@...oo.com>
To: full-disclosure@...ts.grok.org.uk

194.24.158.16 is not lumbermax.com, it’s a box in Austria. 

If I was a spammer, it would be easy to sub a known blacklisted spammer to
try and hide my point of origin. 

"William Stanley" is the real spammer and he used a box in Austria or
"William Stanley" has nothing to do with this and someone else used a box in
Austria.

Always look for the source. Since the 194.24.158.16 address is recorded in
the header by the webmail yahoo box, I would probably say the 194.24.158.16
address is not forged. That is the originating address of this email.

Don’t believe anything else below it unless you actually sent it. It can be
forged.

And did you scan lumbermax.org from inside archbishop alter high school? If
so, be very careful about doing that. The high school administration may not
appreciate you scanning a legit company from inside their domain. And don’t
explore any of the open ports from inside the high school. 

But then again, you are listed as the high schools network engineer, so I
guess you would be the point of contact if lumbermax.com has an issue,
correct?

________________________________________
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of David
Swafford
Sent: Tuesday, November 14, 2006 9:07 AM
To: full-disclosure@...ts.grok.org.uk; William Stanley
Subject: Re: [Full-disclosure] Austin Decking 512-385-5334 Austindecking
wholesale

Golden.......
 
NMAP shows the following (lumbermax.com):
21/TCP - OPEN - FTP
22/TCP - OPEN - SSH
25/TCP - OPEN - SMTP
53/TCP - OPEN - DOMAIN
80/TCP - OPEN - HTTP
110/TCP - OPEN - POP3
111/TCP - OPEN - RPCBIND
135/TCP - FILTERED - MSRPC
137/TCP - FILTERED - NETBIOS-NS
138/TCP - FILTERED - NETBIOS-DGM
139/TCP - FILTERED - NETBIOS-SSN
143/TCP - OPEN - IMAP
443/TCP - OPEN - HTTPS
445/TCP - FILTERED - MICROSOFT-DS
593/TCP - FILTERED - HTTP-RPC-EPMAP
631/TCP - OPEN - IPP
3306/TCP - OPEN - MYSQL
 
 
- Running Apache 2.052 (so there's some exploitable flaws here as current
ver is 2.059).  Its running on a CENTOS box and the apache error says the
domain is LYFE-CARD.com
- The SMTP services are Sendmail 8.13.1
 
 
____________________________________________________
 
David A. Swafford, Network Engineer
Information Technology Team
Archbishop Alter High School
 
EC-Council Certified Ethical Hacker
 
A Cisco Systems, Inc., Certified Network Associate (CCNA) 
and a CompTIA Network+ and Security+ Certified Professional


<snip>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ