On Thu, Nov 28, 2013 at 11:27:42PM +0000, Sampsa Laine wrote:
I think we'll need some kind of driving license system for running servers at some point, this botnet stuff is just ridiculous :)
I don't believe in that. But I've always wondered why
ISPs aren't more proactive. You'd think it is in their
interest and they should have the expertise.
/P
Find their outgoing mail server, nmap -P0 -p1-65535 -T5 on a loop for a few days...
Should slow the fuckers down.... :)
sampsa <sampsa at mac.com>
mobile +44 7961 149465
On 29 Nov 2013, at 04:59, Gregg Levine <gregg.drwho8 at gmail.com> wrote:
Hello!
Last month I was getting spammed by an idiot who refused to honor the
removal requests sent back from his own clients. I contacted the
services that were foolish enough to allow him to operate. Further
along one chap did in fact realize that I was indeed right regarding
that bozo, he then did the magic needed to close that account.
Eventually it stopped.
Now regarding VersaWeb, here's an idea, each time that idiot spams
you, explain to them that they owe you a fixed amount of currency, US
of course.
Do they have an abuse@ e-mail address? Send that note to them there
that the bozo is indeed spamming you, and further the more he
continues to do it, the more they will owe you a fixed amount over 50
dollars US.
Regarding for example those annoying people over in a country that has
other problems........ Never mind.
Let's move this back on topic.
-----
Gregg C Levine gregg.drwho8 at gmail.com
"This signature fought the Time Wars, time and again."
On Thu, Nov 28, 2013 at 11:38 PM, Cory Smelosky <b4 at gewt.net> wrote:
On Fri, 29 Nov 2013, Sampsa Laine wrote:
On 29 Nov 2013, at 03:48, Gregg Levine <gregg.drwho8 at gmail.com> wrote:
Hello!
Interesting problem that one, Sampsa as applied to the Asterisk PBX.
Now the important question, who is or was hosting them? I might know
of them?
It's hosted in a colo facility operated by NETRIPLEX LLC - I actually
sent them the message as an act of goodwill, the PBX operator probably
DOESN'T want to be compromised like this :)
Now if only VersaWeb would shitcan this spammer that keeps spamming me...I
wish companies were more like the one you contacted that cared.
A compromised NAS, interesting. It might have been deliberately spun
up that way.....
That was in China - I don't even bother contacting their abuse points,
useless...
I got annoyed with those not working so I contemplated contacting ARIN or
the CEO directly. The CEO never emailed me back.
And I agree with you regarding the drivers license and the server issues.
It is getting ludicrous. Soon we'll all be behind NAT "for our own
safety". Ugh.
Yup...
--
Cory Smelosky
http://gewt.net Personal stuff
http://gimme-sympathy.org Projects
On Fri, 29 Nov 2013, Sampsa Laine wrote:
On 29 Nov 2013, at 03:48, Gregg Levine <gregg.drwho8 at gmail.com> wrote:
Hello!
Interesting problem that one, Sampsa as applied to the Asterisk PBX.
Now the important question, who is or was hosting them? I might know
of them?
It's hosted in a colo facility operated by NETRIPLEX LLC - I actually
sent them the message as an act of goodwill, the PBX operator probably
DOESN'T want to be compromised like this :)
Now if only VersaWeb would shitcan this spammer that keeps spamming me...I wish companies were more like the one you contacted that cared.
A compromised NAS, interesting. It might have been deliberately spun
up that way.....
That was in China - I don't even bother contacting their abuse points, useless...
I got annoyed with those not working so I contemplated contacting ARIN or the CEO directly. The CEO never emailed me back.
And I agree with you regarding the drivers license and the server issues.
It is getting ludicrous. Soon we'll all be behind NAT "for our own safety". Ugh.
Yup...
--
Cory Smelosky
http://gewt.net Personal stuff
http://gimme-sympathy.org Projects
On 29 Nov 2013, at 04:03, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote:
Sampsa Laine <sampsa at mac.com> writes:
{...snip...}
It is getting ludicrous. Soon we'll all be behind NAT "for our own safety". Ugh.
NAT doesn't necessarily provide you or buy you any better security.
Well not necessarily but if you're the type to leave 20 services open on your box and you're doing it on a NAT'd network with no port forwards, those 20 services won't be internet visible. I was being a bit sarcastic there because soon ISPs will start charging extra for non-NAT'd service I think, as the free IP pool gets shallower and shallower.
So NAT for n00bs = good. It doesn't expose their machine directly to the internet. Especially if you get the box from the ISP like most people in the UK, they could lock down UPnP and any internet facing management ports, and the "crazy amount of open services" problem is gone.
Of course a less than brilliant user can go and download something that compromises his system on the INSIDE of the NAT and makes an outgoing connection, and you're right, you'd need a firewall (or competence) to stop that.
Sampsa
Sampsa Laine <sampsa at mac.com> writes:
{...snip...}
It is getting ludicrous. Soon we'll all be behind NAT "for our own safety". Ugh.
NAT doesn't necessarily provide you or buy you any better security.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.
On 29 Nov 2013, at 03:48, Gregg Levine <gregg.drwho8 at gmail.com> wrote:
Hello!
Interesting problem that one, Sampsa as applied to the Asterisk PBX.
Now the important question, who is or was hosting them? I might know
of them?
It's hosted in a colo facility operated by NETRIPLEX LLC - I actually
sent them the message as an act of goodwill, the PBX operator probably
DOESN'T want to be compromised like this :)
A compromised NAS, interesting. It might have been deliberately spun
up that way.....
That was in China - I don't even bother contacting their abuse points, useless...
And I agree with you regarding the drivers license and the server issues.
It is getting ludicrous. Soon we'll all be behind NAT "for our own safety". Ugh.
Hello!
Interesting problem that one, Sampsa as applied to the Asterisk PBX.
Now the important question, who is or was hosting them? I might know
of them?
A compromised NAS, interesting. It might have been deliberately spun
up that way.....
And I agree with you regarding the drivers license and the server issues.
-----
Gregg C Levine gregg.drwho8 at gmail.com
"This signature fought the Time Wars, time and again."
On Thu, Nov 28, 2013 at 6:27 PM, Sampsa Laine <sampsa at mac.com> wrote:
Took out another 5 or so attackers today, actually reported one Asterisk PBX (weird, right) to their hosting company in the US, figured they are compromised.
All of the hosts I've scanned are basically compromised systems, some poor guy's server or the latest one, a NAS unit with all its management ports accessible through the Internet.
I think we'll need some kind of driving license system for running servers at some point, this botnet stuff is just ridiculous :)
sampsa <sampsa at mac.com>
mobile +44 7961 149465
Guys, I'm running a VT100 Tetris competition on CHIMPY::.
There's actual prizes and everything! You get a Tetris
Ninja certificate along with the stuff listed below.
If you DO get a high score (1st or 2nd place) PLEASE
screenshot the name entry screen and email it to
tetris at sampsa.com
Access: telnet to chimpy.sampsa.com, log in as tetris
Prizes / General Blurb
======================
CHIMPY:: VT100 (well VT220 if you have it) Tetris challenge relaunched!
Last year's winner never claimed his prize, my suspicions being that he didn't
trust banker's drafts from obscure countries like the United Kingdom of Great
Britain and Northern Ireland.
So this year the prize has not only been increased in total monetary value,
but it is issued in CASH. That's right, the winner will get LL 25,000
(TWENTY FIVE THOUSAND LEBANESE POUNDS), a reliable currency issued
by a known entity*, unlike the RBS Group.
The runner up will get EGP 35 (THIRTY FIVE EGYPTIAN POUNDS).
So get your VT220 client out, telnet to CHIMPY.SAMPSA.COM, and log in as
TETRIS.
We will be posting more or less frequent updates about the state of play.
* No seriously, the Lebanese Pound is dollar-pegged and hasn't been devalued
for like ever. Even during the July War it didn't drop.
sampsa <sampsa at mac.com>
mobile +44 7961 149465