HECnet

hecnet@lists.dfupdate.se

15589 discussions

by sampsa＠mac.com

Find their outgoing mail server, nmap -P0 -p1-65535 -T5 on a loop for a few days... Should slow the fuckers down.... :) sampsa <sampsa at mac.com> mobile +44 7961 149465 On 29 Nov 2013, at 04:59, Gregg Levine <gregg.drwho8 at gmail.com> wrote: Hello! Last month I was getting spammed by an idiot who refused to honor the removal requests sent back from his own clients. I contacted the services that were foolish enough to allow him to operate. Further along one chap did in fact realize that I was indeed right regarding that bozo, he then did the magic needed to close that account. Eventually it stopped. Now regarding VersaWeb, here's an idea, each time that idiot spams you, explain to them that they owe you a fixed amount of currency, US of course. Do they have an abuse@ e-mail address? Send that note to them there that the bozo is indeed spamming you, and further the more he continues to do it, the more they will owe you a fixed amount over 50 dollars US. Regarding for example those annoying people over in a country that has other problems........ Never mind. Let's move this back on topic. ----- Gregg C Levine gregg.drwho8 at gmail.com "This signature fought the Time Wars, time and again." On Thu, Nov 28, 2013 at 11:38 PM, Cory Smelosky <b4 at gewt.net> wrote: On Fri, 29 Nov 2013, Sampsa Laine wrote: On 29 Nov 2013, at 03:48, Gregg Levine <gregg.drwho8 at gmail.com> wrote: Hello! Interesting problem that one, Sampsa as applied to the Asterisk PBX. Now the important question, who is or was hosting them? I might know of them? It's hosted in a colo facility operated by NETRIPLEX LLC - I actually sent them the message as an act of goodwill, the PBX operator probably DOESN'T want to be compromised like this :) Now if only VersaWeb would shitcan this spammer that keeps spamming me...I wish companies were more like the one you contacted that cared. A compromised NAS, interesting. It might have been deliberately spun up that way..... That was in China - I don't even bother contacting their abuse points, useless... I got annoyed with those not working so I contemplated contacting ARIN or the CEO directly. The CEO never emailed me back. And I agree with you regarding the drivers license and the server issues. It is getting ludicrous. Soon we'll all be behind NAT "for our own safety". Ugh. Yup... -- Cory Smelosky http://gewt.net Personal stuff http://gimme-sympathy.org Projects

12 years, 2 months

Telnet/SSH attacks

by gregg.drwho8＠gmail.com

Hello! Last month I was getting spammed by an idiot who refused to honor the removal requests sent back from his own clients. I contacted the services that were foolish enough to allow him to operate. Further along one chap did in fact realize that I was indeed right regarding that bozo, he then did the magic needed to close that account. Eventually it stopped. Now regarding VersaWeb, here's an idea, each time that idiot spams you, explain to them that they owe you a fixed amount of currency, US of course. Do they have an abuse@ e-mail address? Send that note to them there that the bozo is indeed spamming you, and further the more he continues to do it, the more they will owe you a fixed amount over 50 dollars US. Regarding for example those annoying people over in a country that has other problems........ Never mind. Let's move this back on topic. ----- Gregg C Levine gregg.drwho8 at gmail.com "This signature fought the Time Wars, time and again." On Thu, Nov 28, 2013 at 11:38 PM, Cory Smelosky <b4 at gewt.net> wrote: On Fri, 29 Nov 2013, Sampsa Laine wrote: On 29 Nov 2013, at 03:48, Gregg Levine <gregg.drwho8 at gmail.com> wrote: Hello! Interesting problem that one, Sampsa as applied to the Asterisk PBX. Now the important question, who is or was hosting them? I might know of them? It's hosted in a colo facility operated by NETRIPLEX LLC - I actually sent them the message as an act of goodwill, the PBX operator probably DOESN'T want to be compromised like this :) Now if only VersaWeb would shitcan this spammer that keeps spamming me...I wish companies were more like the one you contacted that cared. A compromised NAS, interesting. It might have been deliberately spun up that way..... That was in China - I don't even bother contacting their abuse points, useless... I got annoyed with those not working so I contemplated contacting ARIN or the CEO directly. The CEO never emailed me back. And I agree with you regarding the drivers license and the server issues. It is getting ludicrous. Soon we'll all be behind NAT "for our own safety". Ugh. Yup... -- Cory Smelosky http://gewt.net Personal stuff http://gimme-sympathy.org Projects

12 years, 2 months

Telnet/SSH attacks

by b4＠gewt.net

On Fri, 29 Nov 2013, Sampsa Laine wrote: On 29 Nov 2013, at 03:48, Gregg Levine <gregg.drwho8 at gmail.com> wrote: Hello! Interesting problem that one, Sampsa as applied to the Asterisk PBX. Now the important question, who is or was hosting them? I might know of them? It's hosted in a colo facility operated by NETRIPLEX LLC - I actually sent them the message as an act of goodwill, the PBX operator probably DOESN'T want to be compromised like this :) Now if only VersaWeb would shitcan this spammer that keeps spamming me...I wish companies were more like the one you contacted that cared. A compromised NAS, interesting. It might have been deliberately spun up that way..... That was in China - I don't even bother contacting their abuse points, useless... I got annoyed with those not working so I contemplated contacting ARIN or the CEO directly. The CEO never emailed me back. And I agree with you regarding the drivers license and the server issues. It is getting ludicrous. Soon we'll all be behind NAT "for our own safety". Ugh. Yup... -- Cory Smelosky http://gewt.net Personal stuff http://gimme-sympathy.org Projects

12 years, 2 months

Telnet/SSH attacks

by sampsa＠mac.com

On 29 Nov 2013, at 04:03, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote: Sampsa Laine <sampsa at mac.com> writes: {...snip...} It is getting ludicrous. Soon we'll all be behind NAT "for our own = safety". Ugh. NAT doesn't necessarily provide you or buy you any better security. Well not necessarily but if you're the type to leave 20 services open on your box and you doing it on a NAT'd network with no port forwards, those 20 service won't be internet visible. I was being a bit sarcastic there because soon ISPs will start charging extra for non-NAT'd service I think, as the free IP pool gets shallower and shallower. So NAT for n00bs = good. It doesn't expose their machine directly to the internet. Especially if you get the box from ISP like most people in the UK, they could lock down UPNP and any internet facing management ports, and the "crazy amount of open services" problem is gone. Of course a less than brilliant user can go and download something that compromises his system on the INSIDE of the NAT and makes an outgoing connection, and you're right, you'd need a firewall (or competence) to stop that. Sampsa

12 years, 2 months

Telnet/SSH attacks

by system＠TMESIS.COM

Sampsa Laine <sampsa at mac.com> writes: {...snip...} It is getting ludicrous. Soon we'll all be behind NAT "for our own = safety". Ugh. NAT doesn't necessarily provide you or buy you any better security. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG Well I speak to machines with the voice of humanity.

12 years, 2 months

Telnet/SSH attacks

by sampsa＠mac.com

On 29 Nov 2013, at 03:48, Gregg Levine <gregg.drwho8 at gmail.com> wrote: Hello! Interesting problem that one, Sampsa as applied to the Asterisk PBX. Now the important question, who is or was hosting them? I might know of them? It's hosted in a colo facility operated by NETRIPLEX LLC - I actually sent them the message as an act of goodwill, the PBX operator probably DOESN'T want to be compromised like this :) A compromised NAS, interesting. It might have been deliberately spun up that way..... That was in China - I don't even bother contacting their abuse points, useless... And I agree with you regarding the drivers license and the server issues. It is getting ludicrous. Soon we'll all be behind NAT "for our own safety". Ugh.

12 years, 2 months

Telnet/SSH attacks

by gregg.drwho8＠gmail.com

Hello! Interesting problem that one, Sampsa as applied to the Asterisk PBX. Now the important question, who is or was hosting them? I might know of them? A compromised NAS, interesting. It might have been deliberately spun up that way..... And I agree with you regarding the drivers license and the server issues. ----- Gregg C Levine gregg.drwho8 at gmail.com "This signature fought the Time Wars, time and again." On Thu, Nov 28, 2013 at 6:27 PM, Sampsa Laine <sampsa at mac.com> wrote: Took out another 5 or so attackers today, actually reported one Asterisk PBX (weird, right) to their hosting company in the US, figured they are compromised. All of the hosts I've scanned are basically compromised systems, some poor guys server or the latest one, a NAS unit with all its management ports accessible through the Internet. I think we'll need some kind of driving license system for running servers at some point, this botnet stuff is just ridiculous :) sampsa <sampsa at mac.com> mobile +44 7961 149465

12 years, 2 months

Telnet/SSH attacks

by sampsa＠mac.com

Took out another 5 or so attackers today, actually reported one Asterisk PBX (weird, right) to their hosting company in the US, figured they are compromised. All of the hosts I've scanned are basically compromised systems, some poor guys server or the latest one, a NAS unit with all its management ports accessible through the Internet. I think we'll need some kind of driving license system for running servers at some point, this botnet stuff is just ridiculous :) sampsa <sampsa at mac.com> mobile +44 7961 149465

12 years, 2 months

Fun and Games: Only one month left on the CHIMPY:: Tetris Challenge 2013!

by sampsa＠mac.com

Guys, I'm running a VT100 Tetris competition on CHIMPY::. There's actual prizes and everything! You get a Tetris Ninja certificate along with the stuff listed below. If you DO get a high score (1st or 2nd place) PLEASE screenshot the name entry screen and email it to tetris at sampsa.com Access: telnet to chimpy.sampsa.com, log in as tetris Prizes / General Blurb ====================== CHIMPY:: VT100 (well VT220 if you have it) Tetris challenge relaunched! Last year's winner never claimed his price, my suspicions being that he didn't trust banker's drafts from obscure countries like the United Kingdom of Great Britain and Northern Ireland. So this year the price has not only been increased in total monetary value, but it is issued in CASH. That's right, the winner will get LL 25,000 (TWENTY FIVE THOUSAND LEBANESE POUNDS), a reliable currency issued by a known entity*, unlike the RBS Group. The runner up will get EGP 35 (THIRTY FIVE EGYPTIAN POUNDS). So get your VT220 client out, telnet to CHIMPY.SAMPSA.COM, and log in as TETRIS. We will be posting more or less frequent updates about the state of play. * No seriously, the Lebanese Pound is dollar-pegged and hasn't been devalued for like ever. Even during the July War it didn't drop. sampsa <sampsa at mac.com> mobile +44 7961 149465

12 years, 2 months

Telnet/SSH attacks

by system＠TMESIS.COM

Dave McGuire <mcguire at neurotica.com> writes: On 11/27/2013 12:13 PM, Brian Schenkenberger, VAXman- wrote: The Telnet protocol itself makes no promises about the presence OR absence of encryption, and it has a very flexible do/don't/will/won't option negotiation protocol. Kerberos-enabled telnet, in particular, allows for automatic authentication and/or stream encryption, with either enabled or disabled on an invocation-by-invocation basis. Kerberos-enabled telnet doesn't work unless the target is setup to and willing to provide for it. I have no knowledge of how Sampsa has his configured but from the initial discussion, I'd doubt that Kerberos is involved. As do I. I was merely nit-picking that "telnet" does not exclusively mean "cleartext". Given that it was an open and outward-facing service, I'd certainly HOPE it was Kerberized telnet! ;) Sampsa already explain that it is not. I do have telnet enabled but only for specific captive accounts. These accounts -- such as the VTTEST account -- run an application that can't be escaped from to tinker with anything on the system. For the general cases, though, I only permit 'ssh' for external access and that runs on an alternate port too. Port scanning ssh on a VMS system can consume a over-generous amount of CPU resources. I also limit, becasue of this, how many 'ssh' session can be created at any one time. For me, this is a pretty low number as I should be the only party accessing my systems. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG Well I speak to machines with the voice of humanity.

12 years, 2 months

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

HECnet