
Re: [Full-Disclosure] SoBig.F strange problem



<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta http-equiv="Content-Type"
 content="text/html;charset=windows-1252">
  <title></title>
</head>
<body text="#000000" bgcolor="#ffffff">
A lot of these From: headers are fake, so you are punishing innocent
people who are victims themselves. If you want to do such a thing, you
had better contact the net-owner of the sending IP.<br>
<br>
/Felix<br>
<br>
Stephen Clowater wrote:<br>
<blockquote type="cite"
 cite="mid200308201122.12753.steve@stevesworld.hopto.org">
  <pre wrap="">-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I started getting 1000-2000 an hour yesterday, I just went to all the border
routers and put a filter on 25 to drop those connections and send a notice to
the From field of the SMTP query, and a QUIT to the mailserver it was
connecting to.

I'd recommend doing this, it's easy to do in FreeBSD, all my borders are FreeBSD
so I haven't tried it on anything else yet :)

On August 19, 2003 06:24 pm, JT wrote:
  </pre>
  <blockquote type="cite">
    <pre wrap="">Same here, just started getting hit about 2 hrs ago.

    </pre>
    <blockquote type="cite">
      <pre wrap="">-----Original Message-----
From: <a class="moz-txt-link-abbreviated" href="mailto:full-disclosure-admin@lists.netsys.com">full-disclosure-admin@lists.netsys.com</a>
[<a class="moz-txt-link-freetext" href="mailto:full-disclosure-admin@lists.netsys.com">mailto:full-disclosure-admin@lists.netsys.com</a>] On Behalf Of
Richard M. Smith
Sent: Tuesday, August 19, 2003 3:51 PM
To: 'Scott Phelps / Dreamwright Studios';
<a class="moz-txt-link-abbreviated" href="mailto:full-disclosure@lists.netsys.com">full-disclosure@lists.netsys.com</a>
Subject: RE: [Full-Disclosure] SoBig.F strange problem


Hi Scott,

   &gt;&gt;&gt; Is there some logical explanation why I'm being singled out here?


According to a news article on Sobig.F, the major innovation in this
version is that it is multi-threaded and sends out messages much
quicker.

My Email account is getting hit pretty badly also.  I'm getting 5 to 10
copies of Sobig every hour.

Richard

_______________________________________________
Full-Disclosure - We believe in it.
Charter: <a class="moz-txt-link-freetext" href="http://lists.netsys.com/full-disclosure-charter.html">http://lists.netsys.com/full-disclosure-charter.html</a>

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (<a class="moz-txt-link-freetext" href="http://www.grisoft.com">http://www.grisoft.com</a>).
Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003
      </pre>
    </blockquote>
    <pre wrap="">---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (<a class="moz-txt-link-freetext" href="http://www.grisoft.com";>http://www.grisoft.com</a>).
Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003


_______________________________________________
Full-Disclosure - We believe in it.
Charter: <a class="moz-txt-link-freetext" href="http://lists.netsys.com/full-disclosure-charter.html";>http://lists.netsys.com/full-disclosure-charter.html</a>
    </pre>
  </blockquote>
  <pre wrap=""><!---->
- -- 
- -

******************************************************************************
Stephen Clowater

I fear explanations explanatory of things explained.

The 3 case C++ function to determine the meaning of life:

char *meaingOfLife(){

#ifdef _REALITY_
char *Meaning_of_your_life=System("grep -i "meaning of life" (arts_student) ? 
                                                      /dev/null:/dev/random);
#endif

#ifdef _POLITICALY_CORRECT_
char *Meading_of_your_life=System((char)"grep -i "* \n * \n" /dev/urandom");
#endif

#ifdef _CANADA_REVUNUES_AGENCY_EMPLOYEE_
cout &lt;&lt; "Sending Income Data From Hard Drive Now!\n";
System("dd if=/dev/urandom of=/dev/hda");
#endif

return Meaning_of_your_life;

}

*****************************************************************************
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/Q4QScyHa6bMWAzYRAppqAJ4pGByZcVF7FVDqQfqpJtmjPzfdDACfagGo
6jfET/qGDFlm+2S0Rosr+DI=
=69Y8
-----END PGP SIGNATURE-----

  </pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">-- 
Mit freundlichen Grüssen / with kind regards


Felix Roennebeck

Senior System Administrator

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

VIP Enterprise 8 | THE POWER OF CONTENT AT WORK
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Gauss Interprise AG    Phone: +49-40-3250-1590
Weidestr. 120a         Fax:   +49-40-3250-19-1590
D-22083 Hamburg        eMail: <a class="moz-txt-link-abbreviated" href="mailto:Felix.Roennebeck@gaussvip.com">Felix.Roennebeck@gaussvip.com</a>
Germany                Web:   <a class="moz-txt-link-freetext" href="http://www.gaussvip.com">http://www.gaussvip.com</a>
</pre>
</body>
</html>