Security Incidents mailing list archives

Re: Dumb ISP of the week

From: UnixGeek <ed () XWING CENTIGRAM COM>
Date: Mon, 21 Aug 2000 14:24:44 -0700

Oh don't even get me started on Pac Bell.  I've been getting massive
telnet and imap scans from one of their IP's (63.203.107.5), which appears
to be a Linux box(and probably a rooted one).  Think Pac Bell/SBC has even
looked at my email yet?  [keeping in mind the fact that I get my
'enhanced' DSL from PB/SBC as well]

uGh....

                            Edward Mitchell
        Centigram Unix Geek, BOfH, Network Admin, Darth Sysadmin
                         ed () xwing centigram com
                      http://www.the7thbeer.com/ed
                          Sheepish Lord of Chaos
--------------------------------------------------------------
"Fear leads to anger. Anger leads to hate. Hate leads to using
Windows NT for mission-critical applications."
     -- What Yoda *meant* to say

On Mon, 21 Aug 2000, John Pettitt wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This weeks prize goes to Shawna at  PacBell (aka SBC) - see below

Date: Mon, 21 Aug 2000 04:21:38 -0700 (PDT)
From: support_replies () pacbell net
Subject: Re : Security issue
To: jpp () cloudview com

Hello User jpp () cloudview com,
I have received your email regarding your security issue.
E-mail the postmaster from where the e-mail came. For instance,
if the mail came from userID () someisp net, forward it and a complaint
to postmaster () someisp net. This should resolve your issue.
Thank you for choosing SBC Internet Services.
Regards,
Shawna
Technical Analyst
SBC Internet Services
Try our online help at http://support.pacbell.net
Remember its quick, hassle free, and is always available!
~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~
You Wrote :
We detected the following security related activity from your network.

To: root () cloudview com
Subject: gatekeeper 08/19/00:04.59 system check
Date: Sat, 19 Aug 2000 04:59:02 -0700 (PDT)
From: root () cloudview com (Superuser)


Security Violations
=-=-=-=-=-=-=-=-=-=
Aug 19 04:13:08 gatekeeper snort[5740]: IDS277 - NAMED Iquery Probe:
209.233.27.39:2482 -> 216.103.77.155:53
Aug 19 04:13:08 gatekeeper snort[5740]: MISC-DNS-version-query:
209.233.27.39:2482 -> 216.103.77.155:53



Arrrgggghhh,





John Pettitt                                     Email: jpp () cloudview com

"Attention spam" - The length of time it takes you to realize an email
isn't worth reading.

PGP keys on MIT & pgp.com servers.
Fingerprint: 81B5 446D 3E0E 1CDE 5A45  644A A744 54C4 7886 3658

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
Comment: Get my keys from the pgp.com LDAP server

iQA/AwUBOaFxfKdEVMR4hjZYEQKEYACfUqNJKanGdEnOPVaJvTaMChXCAwEAn1Pl
AIqjcKASK6+0u+QBSymJoHIB
=y9tR
-----END PGP SIGNATURE-----

Current thread:

Dumb ISP of the week John Pettitt (Aug 21)
- Re: Dumb ISP of the week UnixGeek (Aug 21)
- Re: Dumb ISP of the week Wozz (Aug 22)
  - Re: Dumb ISP of the week John Pettitt (Aug 22)
    - Re: Dumb ISP of the week Wozz (Aug 22)
- <Possible follow-ups>
- Re: Dumb ISP of the week Scott Bishop (Aug 22)
  - Re: Dumb ISP of the week Bryan Andersen (Aug 22)