Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Shock news - NANOG likely to carry less operational content

  • From: Kai Schlichting
  • Date: Fri Jan 14 13:19:26 2000

I never received any of those mailings. Never ever.
Are specific people being targeted?


A quick scan of the machine that sent this reveals what appears to be
a MS Personal Webserver running on a Winblows machine:

$ telnet  168.212.244.134 80
Trying 168.212.244.134...
Connected to 168.212.244.134.
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.0 200 OK
Server: Microsoft-PWS-95/2.0
Date: Fri, 14 Jan 2000 18:09:01 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Sun, 22 Aug 1999 05:10:40 GMT
Content-Length: 2117
[snip]

Let me take a good guess about the security of this system,
given that it seems to run a version of this server from 1997.

Tanks are rolling.

bye,Kai

At Friday 11:34 AM 1/14/00 , William Allen Simpson wrote:

>I've received several of these the past month, with valid operational 
>subject lines, and all trying to get me to click and run an .exe.
>Good thing I read my email on a Mac!
>
>They are using the operational list persons as targets!  Shall the 
>operational folks get together and find them?
>
>Alex Bligh wrote:
> > 
> > I *believe* (really hope) this SPAM impersonating a NANOG poster
> > replying to a thread (traceroute doesn't go through pacrim.net).
> > 
> > Op content:
> > 
> > If so, be prepared for all sorts of being accused of sending
> > all sorts of other exciting messages about lesbians, cookie recipes
> > etc. etc.
> >...
> > Received: from [168.212.244.134] (helo=3Dmail.gxn.net)
> >         by brimstone.noc.gxn.net with smtp (Exim 3.02 #3)
> >         id 1291Gi-0004Sb-00
> >         for amb@gxn.net; Fri, 14 Jan 2000 07:35:36 +0000
> >...
> > 2.      Lesbians.exe
> >
>Mine were:
>
>Received: from [209.125.100.122] (HELO mail.greendragon.com) by watervalley.net 
>(Stalker SMTP Server 1.7) with SMTP id S.0003055677 for wsimpson@greendragon.com; Thu, 16 Dec
>1999 18:29:22 -0600
>From: Nora Lavelle <nora@geocast.com>
>To: wsimpson@greendragon.com
>Subject: Re: ARIN whois
>
>panther.exe
>
>Received: from [152.160.253.2] (HELO mail.greendragon.com) by watervalley.net 
>(Stalker SMTP Server 1.7) with SMTP id S.0003108551 for wsimpson@greendragon.com; Mon, 20 Dec
>1999 01:37:37 -0600
>From: Ivars Upatnieks <ivars@ic.net>
>To: wsimpson@greendragon.com
>Subject: Re: MCI/Worldcom fiber cut in NY?
>
>baby.exe
>
>Received: from [212.7.65.97] (HELO mail.greendragon.com) by watervalley.net 
>(Stalker SMTP Server 1.7) with SMTP id S.0003149731 for wsimpson@greendragon.com; 
>Wed, 22 Dec 1999 07:04:26 -0600
>From: CORE <core@denic.de>
>To: wsimpson@greendragon.com
>Subject: Re: PAB after comments ?
>
>copier.exe
>
>WSimpson@UMich.edu
>     Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
>






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.