Sampsa Laine <sampsa at mac.com> writes:
Just saw this on LABVAX:
%%%%%%%%%%% OPCOM 30-NOV-2013 21:28:47.27 %%%%%%%%%%%
Message from user AUDIT$SERVER on LABVAX
Security alarm (SECURITY) and security audit (SECURITY) on LABVAX, =
system id: 48683
Auditable event: Local interactive login failure
Event time: 30-NOV-2013 21:28:47.21
PID: 22E00220 =20
Process name: _NTY215: =20
Username: <login> =20
Process owner: [SYSTEM]
Terminal name: _NTY215:, 122.138.48.116.static.netvigator.com
Image name: =
$77$DUA0:[SYS10.SYSCOMMON.][SYSEXE]LOGINOUT.EXE
Status: %LOGIN-F-CMDINPUT, error reading command input
Confused as it doesn't look like a telnet logon, I thought telnet =
terminal IDs were TN-something?
sampsa <sampsa at mac.com>
mobile +44 7961 149465
Multinet installed???
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.
Just saw this on LABVAX:
%%%%%%%%%%% OPCOM 30-NOV-2013 21:28:47.27 %%%%%%%%%%%
Message from user AUDIT$SERVER on LABVAX
Security alarm (SECURITY) and security audit (SECURITY) on LABVAX, system id: 48683
Auditable event: Local interactive login failure
Event time: 30-NOV-2013 21:28:47.21
PID: 22E00220
Process name: _NTY215:
Username: <login>
Process owner: [SYSTEM]
Terminal name: _NTY215:, 122.138.48.116.static.netvigator.com
Image name: $77$DUA0:[SYS10.SYSCOMMON.][SYSEXE]LOGINOUT.EXE
Status: %LOGIN-F-CMDINPUT, error reading command input
Confused as it doesn't look like a telnet logon, I thought telnet terminal IDs were TN-something?
sampsa <sampsa at mac.com>
mobile +44 7961 149465
hey Sampas,
I played and got a high score..
Not sure how to "screen shot" on Mac, but cut and pasted the following from terminal to help verify it.
Oct TETRIS Mark Wickens 7640 1 TETRIS Mike Holmes 9816 18
Sep TETRIS DRB 1040 2 SAMPSA 130 1
Aug SAMPSA [A 126
Jul TETRIS Lanny 740
Jun TETRIS volal 11860
May TETRIS tiguco 2799
Apr TETRIS 14
Mar TETRIS TooCool4Web 4430
Feb TETRIS u 1567
Jan TETRIS 268
Dec TETRIS 128
Nov TETRIS 585
You Are Seated At 1 In tetris Previous Score 2000
Enter Your Name [ Return to Leave ] Current Score 9816
%DCL-E-CAPTINT, captive account - interactive access denied
TETRIS logged out at 30-NOV-2013 03:46:58.48
%REM-S-END, control returned to node MASON::
$
thanks Mike
----------------------------------------
From: sampsa at mac.com
Subject: [HECnet] CHIMPY Retro Tetris Update
Date: Fri, 15 Nov 2013 12:47:15 +0200
To: hecnet at Update.UU.SE
CHIMPY Retro Tetris Update:
Mark Wickens is in the lead with a score of 7,640, followed by Vilaca with 1,574 (score not verified with screenshot so might not count).
Guys, we're still running until 23:59:00 GMT on 31-DEC-2013 so there's plenty of time to win random Arabic money AND certificates of Tetris awesomeness.
Telnet to CHIMPY.SAMPSA.COM or SET HOST CHIMPY, log in as TETRIS.
REMEMBER TO SCREENSHOT YOUR RESULT IF YOU GET A NEW HIGHSCORE. Or at least write down what date/time/node you came from if SET HOST, so I can verify the score..
sampsa <sampsa at mac.com>
mobile +358 40 7208932
On Fri, 29 Nov 2013, Pontus Pihlgren wrote:
On Thu, Nov 28, 2013 at 11:27:42PM +0000, Sampsa Laine wrote:
I think we'll need some kind of driving license system for running servers at some point, this botnet stuff is just ridiculous :)
I don't believe in that. But I've always wondered why
ISPs aren't more proactive. You'd think it is in their
interest and they should have the expertise.
It's not in their best interest when the spammers and skiddies pay
$$$...even if the money is stolen.
/P
--
Cory Smelosky
http://gewt.net Personal stuff
http://gimme-sympathy.org Projects
sampsa <sampsa at mac.com>
mobile +44 7961 149465
On 29 Nov 2013, at 08:26, Pontus Pihlgren <pontus at Update.UU.SE> wrote:
On Thu, Nov 28, 2013 at 11:27:42PM +0000, Sampsa Laine wrote:
I think we'll need some kind of driving license system for running servers at some point, this botnet stuff is just ridiculous :)
I don't believe in that. But I've always wondered why
ISPs aren't more proactive. You'd think it is in their
interest and they should have the expertise.
I wasn't entirely serious but the level of Stupid seems to be growing daily..
On Thu, Nov 28, 2013 at 11:27:42PM +0000, Sampsa Laine wrote:
I think we'll need some kind of driving license system for running servers at some point, this botnet stuff is just ridiculous :)
I don't believe in that. But I've always wondered why
ISPs aren't more proactive. You'd think it is in their
interest and they should have the expertise.
/P
Find their outgoing mail server, nmap -P0 -p1-65535 -T5 on a loop for a few days...
Should slow the fuckers down.... :)
sampsa <sampsa at mac.com>
mobile +44 7961 149465
On 29 Nov 2013, at 04:59, Gregg Levine <gregg.drwho8 at gmail.com> wrote:
Hello!
Last month I was getting spammed by an idiot who refused to honor the
removal requests sent back from his own clients. I contacted the
services that were foolish enough to allow him to operate. Further
along one chap did in fact realize that I was indeed right regarding
that bozo, he then did the magic needed to close that account.
Eventually it stopped.
Now regarding VersaWeb, here's an idea, each time that idiot spams
you, explain to them that they owe you a fixed amount of currency, US
of course.
Do they have an abuse@ e-mail address? Send that note to them there
that the bozo is indeed spamming you, and further the more he
continues to do it, the more they will owe you a fixed amount over 50
dollars US.
Regarding for example those annoying people over in a country that has
other problems........ Never mind.
Let's move this back on topic.
-----
Gregg C Levine gregg.drwho8 at gmail.com
"This signature fought the Time Wars, time and again."
On Thu, Nov 28, 2013 at 11:38 PM, Cory Smelosky <b4 at gewt.net> wrote:
On Fri, 29 Nov 2013, Sampsa Laine wrote:
On 29 Nov 2013, at 03:48, Gregg Levine <gregg.drwho8 at gmail.com> wrote:
Hello!
Interesting problem that one, Sampsa as applied to the Asterisk PBX.
Now the important question, who is or was hosting them? I might know
of them?
It's hosted in a colo facility operated by NETRIPLEX LLC - I actually
sent them the message as an act of goodwill, the PBX operator probably
DOESN'T want to be compromised like this :)
Now if only VersaWeb would shitcan this spammer that keeps spamming me...I
wish companies were more like the one you contacted that cared.
A compromised NAS, interesting. It might have been deliberately spun
up that way.....
That was in China - I don't even bother contacting their abuse points,
useless...
I got annoyed with those not working so I contemplated contacting ARIN or
the CEO directly. The CEO never emailed me back.
And I agree with you regarding the drivers license and the server issues.
It is getting ludicrous. Soon we'll all be behind NAT "for our own
safety". Ugh.
Yup...
--
Cory Smelosky
http://gewt.net Personal stuff
http://gimme-sympathy.org Projects
Hello!
Last month I was getting spammed by an idiot who refused to honor the
removal requests sent back from his own clients. I contacted the
services that were foolish enough to allow him to operate. Further
along one chap did in fact realize that I was indeed right regarding
that bozo, he then did the magic needed to close that account.
Eventually it stopped.
Now regarding VersaWeb, here's an idea, each time that idiot spams
you, explain to them that they owe you a fixed amount of currency, US
of course.
Do they have an abuse@ e-mail address? Send that note to them there
that the bozo is indeed spamming you, and further the more he
continues to do it, the more they will owe you a fixed amount over 50
dollars US.
Regarding for example those annoying people over in a country that has
other problems........ Never mind.
Let's move this back on topic.
-----
Gregg C Levine gregg.drwho8 at gmail.com
"This signature fought the Time Wars, time and again."
On Thu, Nov 28, 2013 at 11:38 PM, Cory Smelosky <b4 at gewt.net> wrote:
On Fri, 29 Nov 2013, Sampsa Laine wrote:
On 29 Nov 2013, at 03:48, Gregg Levine <gregg.drwho8 at gmail.com> wrote:
Hello!
Interesting problem that one, Sampsa as applied to the Asterisk PBX.
Now the important question, who is or was hosting them? I might know
of them?
It's hosted in a colo facility operated by NETRIPLEX LLC - I actually
sent them the message as an act of goodwill, the PBX operator probably
DOESN'T want to be compromised like this :)
Now if only VersaWeb would shitcan this spammer that keeps spamming me...I
wish companies were more like the one you contacted that cared.
A compromised NAS, interesting. It might have been deliberately spun
up that way.....
That was in China - I don't even bother contacting their abuse points,
useless...
I got annoyed with those not working so I contemplated contacting ARIN or
the CEO directly. The CEO never emailed me back.
And I agree with you regarding the drivers license and the server issues.
It is getting ludicrous. Soon we'll all be behind NAT "for our own
safety". Ugh.
Yup...
--
Cory Smelosky
http://gewt.net Personal stuff
http://gimme-sympathy.org Projects
On Fri, 29 Nov 2013, Sampsa Laine wrote:
On 29 Nov 2013, at 03:48, Gregg Levine <gregg.drwho8 at gmail.com> wrote:
Hello!
Interesting problem that one, Sampsa as applied to the Asterisk PBX.
Now the important question, who is or was hosting them? I might know
of them?
It's hosted in a colo facility operated by NETRIPLEX LLC - I actually
sent them the message as an act of goodwill, the PBX operator probably
DOESN'T want to be compromised like this :)
Now if only VersaWeb would shitcan this spammer that keeps spamming me...I wish companies were more like the one you contacted that cared.
A compromised NAS, interesting. It might have been deliberately spun
up that way.....
That was in China - I don't even bother contacting their abuse points, useless...
I got annoyed with those not working so I contemplated contacting ARIN or the CEO directly. The CEO never emailed me back.
And I agree with you regarding the drivers license and the server issues.
It is getting ludicrous. Soon we'll all be behind NAT "for our own safety". Ugh.
Yup...
--
Cory Smelosky
http://gewt.net Personal stuff
http://gimme-sympathy.org Projects
On 29 Nov 2013, at 04:03, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote:
Sampsa Laine <sampsa at mac.com> writes:
{...snip...}
It is getting ludicrous. Soon we'll all be behind NAT "for our own =
safety". Ugh.
NAT doesn't necessarily provide you or buy you any better security.
Well not necessarily but if you're the type to leave 20 services open on your box and you doing it on a NAT'd network with no port forwards, those 20 service won't be internet visible. I was being a bit sarcastic there because soon ISPs will start charging extra for non-NAT'd service I think, as the free IP pool gets shallower and shallower.
So NAT for n00bs = good. It doesn't expose their machine directly to the internet. Especially if you get the box from ISP like most people in the UK, they could lock down UPNP and any internet facing management ports, and the "crazy amount of open services" problem is gone.
Of course a less than brilliant user can go and download something that compromises his system on the INSIDE of the NAT and makes an outgoing connection, and you're right, you'd need a firewall (or competence) to stop that.
Sampsa
