Full Disclosure mailing list archives
Re: Austin Decking 512-385-5334 Austindecking wholesale
From: "Bardus Populus" <disclosure () wykkyd securecoffee com>
Date: Tue, 14 Nov 2006 16:48:13 -0500 (EST)
I sit here wondering how valuable (or legitimate) the certifications Mr Swafford cites in his sig really are when he scanned some company server because he was too [lazy|ignorant|distracted] to read the mail headers or perform some simple whois queries, nslookups or a traceroute (all fairly benign and non-intrusive).

"Owning" a uri does not mean they own or host the server. Lumbermax is listed as an Austin, TX, USA company, and is hosted on an "ironhosting" server - the company mentioned coincidentally in the second spam purportedly from Mr Stanley. www.lumbermax.com resolves to 66.185.124.10 which is IP space residing in Illinois. So, you nmap scanned a company residing in Austin TX, which is really a website hosted on a server in Illinois, because of a spam sent originally from a system in Austria.

I would have thought a CEH/CCNA/Network+/Security+ could (or would) have done better.

-bp

From the original header:

Received: from [194.24.158.16] by web58409.mail.re3.yahoo.com via HTTP; Tue, 14 Nov 2006 00:46:24 PST
Date: Tue, 14 Nov 2006 00:46:24 -0800 (PST)
From: William Stanley <vegacash () yahoo com>
To: full-disclosure () lists grok org uk

194.24.158.16 is not lumbermax.com, it's a box in Austria. If I was a spammer, it would be easy to sub a known blacklisted spammer to try and hide my point of origin. "William Stanley" is the real spammer and he used a box in Austria or "William Stanley" has nothing to do with this and someone else used a box in Austria.

Always look for the source. Since the 194.24.158.16 address is recorded in the header by the webmail yahoo box, I would probably say the 194.24.158.16 address is not forged. That is the originating address of this email. Don't believe anything else below it unless you actually sent it. It can be forged.

And did you scan lumbermax.org from inside archbishop alter high school? If so, be very careful about doing that. The high school administration may not appreciate you scanning a legit company from inside their domain. And don't explore any of the open ports from inside the high school. But then again, you are listed as the high school's network engineer, so I guess you would be the point of contact if lumbermax.com has an issue, correct?

________________________________________
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of David Swafford
Sent: Tuesday, November 14, 2006 9:07 AM
To: full-disclosure () lists grok org uk; William Stanley
Subject: Re: [Full-disclosure] Austin Decking 512-385-5334 Austindecking wholesale

Golden.......

NMAP shows the following (lumbermax.com):

21/TCP - OPEN - FTP
22/TCP - OPEN - SSH
25/TCP - OPEN - SMTP
53/TCP - OPEN - DOMAIN
80/TCP - OPEN - HTTP
110/TCP - OPEN - POP3
111/TCP - OPEN - RPCBIND
135/TCP - FILTERED - MSRPC
137/TCP - FILTERED - NETBIOS-NS
138/TCP - FILTERED - NETBIOS-DGM
139/TCP - FILTERED - NETBIOS-SSN
143/TCP - OPEN - IMAP
443/TCP - OPEN - HTTPS
445/TCP - FILTERED - MICROSOFT-DS
593/TCP - FILTERED - HTTP-RPC-EPMAP
631/TCP - OPEN - IPP
3306/TCP - OPEN - MYSQL

- Running Apache 2.052 (so there's some exploitable flaws here as current ver is 2.059). It's running on a CENTOS box and the apache error says the domain is LYFE-CARD.com
- The SMTP services are Sendmail 8.13.1

____________________________________________________
David A. Swafford, Network Engineer
Information Technology Team
Archbishop Alter High School
EC-Council Certified Ethical Hacker
A Cisco Systems, Inc., Certified Network Associate (CCNA) and a CompTIA Network+ and Security+ Certified Professional

<snip>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
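
The header-reading rule argued in the thread above (believe a Received line only when a relay you trust wrote it, and treat everything beneath it as forgeable), sketched as an added example that is not part of any poster's message. Only the middle Received line comes from the thread; the hosts lists.example.org, mail.lumbermax.example and relay.invalid, the addresses 203.0.113.7 and 192.0.2.55, the From address and the trusted-suffix list are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample. The second Received line is the one quoted in the thread;
# the first (list server) and third (forged) hops are invented for illustration.
SAMPLE = """\
Received: from web58409.mail.re3.yahoo.com ([203.0.113.7])
\tby lists.example.org with SMTP; Tue, 14 Nov 2006 08:46:30 +0000
Received: from [194.24.158.16] by web58409.mail.re3.yahoo.com via HTTP; Tue, 14 Nov 2006 00:46:24 PST
Received: from mail.lumbermax.example ([192.0.2.55])
\tby relay.invalid with ESMTP; Tue, 14 Nov 2006 00:40:00 -0800
From: William Stanley <sender@example.com>
Subject: constructed sample

body
"""

BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)          # relay that wrote the line
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # bracketed peer address


def is_trusted(host, suffixes):
    """True if host equals, or is a subdomain of, one of the trusted suffixes."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def trace_origin(raw, trusted_suffixes):
    """Walk Received headers newest-first while a trusted relay wrote them.

    Returns (origin_ip, unverified_hops): the peer address recorded by the
    deepest trusted relay, and the remaining lines that the sender could have
    written and that therefore prove nothing about where the mail came from.
    """
    msg = message_from_string(raw)
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    origin, verified = None, 0
    for hop in hops:
        by = BY_RE.search(hop)
        if not by or not is_trusted(by.group(1), trusted_suffixes):
            break  # first line not written by a trusted relay: stop believing
        peer = IP_RE.search(hop[:by.start()])  # only look in the "from" clause
        origin = peer.group(1) if peer else None
        verified += 1
    return origin, hops[verified:]


if __name__ == "__main__":
    ip, ignored = trace_origin(SAMPLE, ["lists.example.org", "yahoo.com"])
    print("last verifiable origin:", ip)
    print("unverified hops:", ignored)
```
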
Current thread:
- Austin Decking 512-385-5334 Austin decking wholesale William Stanley (Nov 14)
- Re: Austin Decking 512-385-5334 Austin decking wholesale Alan J. Wylie (Nov 14)
- Re: Austin Decking 512-385-5334 Austindecking wholesale David Swafford (Nov 14)
- Re: Austin Decking 512-385-5334 Austindecking wholesale ragdelaed (Nov 14)
- Re: Austin Decking 512-385-5334 Austindecking wholesale Bardus Populus (Nov 14)
- Re: Austin Decking 512-385-5334 Austindecking wholesale Nick FitzGerald (Nov 14)
- Re: Austin Decking 512-385-5334 Austindecking wholesale ragdelaed (Nov 14)
- <Possible follow-ups>
- Re: Austin Decking 512-385-5334 Austin decking wholesale Jeb Osama (Nov 14)
- Re: Austin Decking 512-385-5334 Austin decking wholesale Karl Ordnung (Nov 14)
- Re: Austin Decking 512-385-5334 Austin decking wholesale Nick FitzGerald (Nov 14)
- Re: Austin Decking 512-385-5334 Austin decking wholesale Karl Ordnung (Nov 14)
- Re: Austin Decking 512-385-5334 Austin decking wholesale imipak (Nov 14)