nanog mailing list archives

Re: Hi (fwd)


From: "Steven M. Bellovin" <smb () research att com>
Date: Wed, 17 Mar 2004 23:44:38 -0500


In message <Pine.LNX.4.44.0403172118250.2114-100000 () sokol elan net>, "william(at)elan.net" writes:


Methinks somebody has found a trapdoor in nanog mail setup and is in 
general out to get us ... 

This one supposedly came from 203.18.63.43 (Australia Powerhouse Museum - 
phm.gov.au) and advertises a page on IP 165.134.187.102 (Saint Louis
University - slu.edu). "Connection refused" when I tried to see what's there.

No -- I'm pretty sure it's a worm.  Of the 20 copies I've received -- 
in just the last 3 hours -- only three have been via the NANOG list.

On the bright side, SpamAssassin 2.63's default settings seem to kill 
this one.  In fact, it was only by accident that I even noticed them.


                --Steve Bellovin, http://www.research.att.com/~smb


