Re: Possible scam: "Network Abuse"

[Vadim Antonov <avg () pluris com>]

Begging?  That may be a lot more malicious. "Give me your firewall's
password so i can fix it".  Sure, dude.

--vadim

> From errors-nohumans () merit edu Tue Aug  4 20:57:38 1998
X-UIDL: fc9be4f13610259e5d584676031c5dcc
Date: Tue, 04 Aug 1998 20:46:51 -0700 (MST)
From: Ehud Gavron <GAVRON () ACES COM>
Subject: Possible scam: "Network Abuse"
To: nanog () merit edu
Cc: GAVRON () ACES COM
Organization: ACES Research Inc.
MIME-version: 1.0
Content-type: MULTIPART/MIXED; BOUNDARY="Boundary_[ID_5lnQtjNa7nT7upy77S5Jzg]"
Sender: owner-nanog () merit edu


--Boundary_[ID_5lnQtjNa7nT7upy77S5Jzg]
Content-type: TEXT/PLAIN; CHARSET=US-ASCII

This "fellow" sent out this email.

Unfortunately, our networks were not used to attack him (or anyone),
and upon request for NTP-stamped logs, he quit responding to email.

I recommend warning your downstreams that this kind of scam is only
just begging.  Imagine... $100 for "no ip direc...."

E

--Boundary_[ID_5lnQtjNa7nT7upy77S5Jzg]
Content-type: MESSAGE/RFC822

Return-path: <wrath () ns1 jerky net>
Received: from ns1.jerky.net by ACES.COM (PMDF V5.1-7 #EHUD)
 with ESMTP id <01IZZYRAD8E891W60X () ACES COM> for gavron; Thu,
 30 Jul 1998 04:29:16 MST
Received: (from wrath@localhost) by ns1.jerky.net (8.8.7/8.8.7)
 id MAA06007 for gavron () ACES COM; Thu, 30 Jul 1998 12:31:26 +0000 (GMT)
Date: Thu, 30 Jul 1998 12:31:26 +0000 (GMT)
From: Andrew Shoemaker <wrath () jerky net>
Subject: Network Abuse - Netblock 198.182.116.0 - IMPORTANT
To: "gavron () ACES COM" <gavron () ACES COM>
Message-id: <199807301231.MAA06007 () ns1 jerky net>
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET=US-ASCII

Hello

My name is Andrew Shoemaker and I am the head security consultant at JNS. We recently were the target of a denial of 
service attack that saturated our Internet connection.  This attack, known as a 'smurf' attack, uses unknowing relays 
to source the at
tack.  By relaying the attack through your network the attack is made anonymous and increases in strength.  This type 
of attack causes degraded performance on both the attacked and relay networks and is the result of an improperly 
configured router at you
r site.  I urge you to fix your routers.  If you are unable to do so, or do not know how I suggest you call a security 
consultant.  JNS is willing to fix your router permanently for a one time fee of $100 US.  If you are interested in 
this deal please co
ntact me and I will send you a copy of our security contract and an invoice.

Netblock 198.182.116.0 was found to produce 19 replys for each packet sent.  This means if the attacker is sending at 
T1 speeds the amount of your bandwidth used in relaying
 the attack is equivalent to 19 T1s

regards,
Andrew Shoemaker
JNS Security
wrath () jerky net
617.442.5408

--Boundary_[ID_5lnQtjNa7nT7upy77S5Jzg]--