RE: short Botnet list and Cashing in on DoS
b) IRC is a haven for these people, unfortunately networks like Undernet take it a step further by providing channel services and host hiding so that not only the people behind the DDoS are hidden, but so are the bots themselves. The people running the network fear retaliation too much to do anything about it. === The sad thing is that IRC has actual positive uses for sharing information; look at the various help channels (especially on a net like freenode) for everything from Linux to math to all different types of programming languages. That's what a lot of people don't understand when they examine the problem of IRC and botnets, is that YES it has huge issues but it has legitimate (albeit very under-proportionate to the number of non-legitimate) uses and users. -Drew
On Fri, Oct 08, 2004 at 02:40:06PM -0400, Drew Weaver wrote:
The sad thing is that IRC has actual positive uses for sharing information; look at the various help channels (especially on a net like freenode) for everything from Linux to math to all different types of programming languages. That's what a lot of people don't understand when they examine the problem of IRC and botnets, is that YES it has huge issues but it has legitimate (albeit very under-proportionate to the number of non-legitimate) uses and users.
-Drew
I didn't mean to put IRC in a bad light, just pointing out that as usual, any good tool can be abused. -- Matthew S. Hallacy FUBAR, LART, BOFH Certified http://www.poptix.net GPG public key 0x01938203
I didn't mean to put IRC in a bad light, just pointing out that as usual, any good tool can be abused.
Those drone armies that lurk on actual real networks are a major problem for the networks themselves, but I doubt anyone can blame them for: 1. Worrying about personal privacy of their users, not wanting to bend too many rules to fight these drones that *appear* like regular users. 2. Piss enough kiddies and these drone armies will take down servers. Meaning the hosting company might not even want to keep hosting it afterwards. There have been several examples of servers that were taken down along with the tri-state area, for a few hours. Major losses. Gadi.
On Fri, Oct 08, 2004 at 09:07:48PM +0200, Gadi Evron wrote:
Those drone armies that lurk on actual real networks are a major problem for the networks themselves, but I doubt anyone can blame them for:
Only when they do something about it.
1. Worrying about personal privacy of their users, not wanting to bend too many rules to fight these drones that *appear* like regular users.
Appear? If you own one of the blocks below, please do something about it. sadsa``` ~orion@67.98.36.19 Don't Touch Me `o`hj`h` ~orion@67.98.36.19 Don't Touch Me TaiFrunze ~orion@66.136.184.186 Don't Touch Me Crist9597 ~orion@adsl-66-136-184-186.dsl.stlsmo.swbell.net Don't Touch Me Mihaiul ~orion@pD9F73FA3.dip.t-dialin.net Don't Touch Me Cs` ~tayrona@pD9F5AF65.dip.t-dialin.net Don't Touch Me __intzu__ ~alpina@pD9F5AF65.dip.t-dialin.net Don't Touch Me _ragonul_ ~alpina@203.115.112.137 Don't Touch Me Dragonul_ ~alpina@203.115.112.137 Don't Touch Me }-{ ~orion@66.88.13.142 Don't Touch Me {}- ~orion@66.88.13.142 Don't Touch Me Kyia_ ~tayrona@pD9F5AEFB.dip.t-dialin.net Don't Touch Me Rupetot ~weed@ptd2-d9b8264f.pool.mediaWays.net Don't Touch Me awa` ~imagine@ptd2-d9b8264f.pool.mediaWays.net Don't Touch Me Raz ~private@pD9F5AF4A.dip.t-dialin.net Don't Touch Me FacFocu ~orion@66.161.11.110 Don't Touch Me Cristi-- ~alpina@pD9F5AE4A.dip.t-dialin.net Don't Touch Me VandFan ~users@pD9F5AE17.dip.t-dialin.net Don't Touch Me Dragonul` ~tayrona@217.245.174.20 Don't Touch Me Viper18 ~users@pD9F5AE17.dip.t-dialin.net Don't Touch Me \op ~orion@h-66-134-43-211.snvacaid.covad.net Don't Touch Me Kyia ~weed@c-67-163-117-167.client.comcast.net Don't Touch Me n3fertiti ~users@ll194-33-222-204-194.ll194.iam.net.ma Don't Touch Me _____i___ ~orion@c-24-16-161-107.client.comcast.net Don't Touch Me Tzucky ~orion@MaKkInSus.users.undernet.org Don't Touch Me Cristel` ~orion@c-24-16-161-107.client.comcast.net Don't Touch Me ns0 ~orion@earth.sisioh.com Don't Touch Me Aiuritul ~ignore@ll194-33-222-204-194.ll194.iam.net.ma Don't Touch Me dragonul ~orion@67.40.239.163 Don't Touch Me Aiure`l ~orion@66.161.11.110 Don't Touch Me Avi0n ~orion@dsl092-179-090.sfo1.dsl.speakeasy.net Don't Touch Me Muthi_ ~orion@adsl-67-38-98-242.dsl.chcgil.ameritech.net Don't Touch Me forgrt ~orion@adsl-67-38-98-242.dsl.chcgil.ameritech.net Don't Touch Me Qp` ~orion@dsl092-032-218.lax1.dsl.speakeasy.net Don't Touch Me Pasarel ~orion@dsl092-032-218.lax1.dsl.speakeasy.net Don't Touch Me `p`p`p ~orion@202.39.224.36 Don't Touch Me Dragonel ~orion@202.39.224.36 Don't Touch Me polq ~orion@202.37.100.19 Don't Touch Me `o`o`o`o` ~orion@202.37.100.19 Don't Touch Me HanPanga ~orion@dsl092-030-100.sea2.dsl.speakeasy.net Don't Touch Me Hanga ~orion@dsl092-030-100.sea2.dsl.speakeasy.net Don't Touch Me helpMa ~orion@dsl092-030-249.sea2.dsl.speakeasy.net Don't Touch Me OrlanDo`` ~orion@rrcs-67-52-199-254.west.biz.rr.com Don't Touch Me ionmaria ~orion@dsl092-030-249.sea2.dsl.speakeasy.net Don't Touch Me Wow` ~orion@216.138.83.22 Don't Touch Me heart ~orion@WhaThaFack.users.undernet.org Don't Touch Me nicknam`` ~orion@67.69.108.212 Don't Touch Me _o_o_o ~orion@67.69.108.212 Don't Touch Me apometre ~orion@66.228.198.102 Don't Touch Me mutule ~orion@66.228.198.102 Don't Touch Me sugaciu`` ~orion@67.40.239.163 Don't Touch Me Rezerve ~imagine@c-67-164-103-112.client.comcast.net Don't Touch Me Sugaci`` ~orion@CPE-65-30-85-5.kc.rr.com Don't Touch Me daasd`` ~orion@CPE-65-30-85-5.kc.rr.com Don't Touch Me Soule ~fucked@c-67-164-103-112.client.comcast.net Don't Touch Me IP255 ~orion@uslec-66-255-65-10.cust.uslec.net Don't Touch Me Ghidon ~orion@adsl-66-218-54-38.dslextreme.com Don't Touch Me Minea ~orion@user-119bq9a.biz.mindspring.com Don't Touch Me Milimetru ~orion@mdsnwinrp3-pool0-a130.mdsnwi.tds.net Don't Touch Me centime ~orion@mdsnwinrp3-pool0-a130.mdsnwi.tds.net Don't Touch Me wip` ~orion@user-119bq9a.biz.mindspring.com Don't Touch Me ijij ~orion@Toronto-HSE-ppp3746549.sympatico.ca Don't Touch Me _o_ ~orion@rrcs-67-52-199-254.west.biz.rr.com Don't Touch Me afchd`` ~orion@Toronto-HSE-ppp3746549.sympatico.ca Don't Touch Me Aiureai ~orion@va-65-41-106-85.sta.sprint-hsd.net Don't Touch Me Save- ~weed@c-67-163-117-167.client.comcast.net Don't Touch Me Sugativa` ~orion@va-65-41-106-85.sta.sprint-hsd.net Don't Touch Me costi`` ~orion@66.88.191.62.ptr.us.xo.net Don't Touch Me }-{` ~orion@66.88.191.62.ptr.us.xo.net Don't Touch Me `o`o`o ~orion@67.39.113.154 Don't Touch Me wacdsfc ~orion@67.39.113.154 Don't Touch Me Cruella ~orion@216.138.83.22 Don't Touch Me So`what ~orion@ns1.kimbrand.net Don't Touch Me `o`o ~orion@li9-240.members.linode.com Don't Touch Me Dragon-` ~orion@li9-240.members.linode.com Don't Touch Me mysql ~orion@ns1.kimbrand.net Don't Touch Me MaArunc ~berg@66.192.122.27 Don't Touch Me InterGame ~orion@c66.203.200.210.tidc.telus.com Don't Touch Me Ampulea ~orion@c66.203.200.210.tidc.telus.com Don't Touch Me wadasd` ~orion@213.210.185.47.adsl.nextra.cz Don't Touch Me Vrabie ~orion@213.210.185.47 Don't Touch Me Ancas ~orion@66.192.122.27 Don't Touch Me Hacker-ul ~orion@67.32.12.11 Don't Touch Me Pilotu ~orion@mumiaX.users.undernet.org Don't Touch Me lamerul ~orion@66-194-148-180.gen.twtelecom.net Don't Touch Me Muthi ~orion@66-194-148-180.gen.twtelecom.net Don't Touch Me Pasarelu ~orion@216.198.204.226 Don't Touch Me `o`o``o` ~orion@216.198.204.226 Don't Touch Me Apometru ~orion@213.234.124.169 Don't Touch Me Soare` ~orion@213.234.124.169 Don't Touch Me qwewq ~property@213.237.106.4 Don't Touch Me Imagine ~orion@server195-228.matrix-server.co.uk Don't Touch Me SeeN ~orion@Flgurantu.users.undernet.org Don't Touch Me Saliva ~imagine@ptd2-d9b8264f.pool.mediaWays.net Don't Touch Me }[} ~orion@h-66-134-43-211.snvacaid.covad.net Don't Touch Me Polik ~orion@h-66-134-43-212.snvacaid.covad.net Don't Touch Me Comes ~Read@80.78.226.176 Read Only * Parts ~Read@206.176.192.111 Read Only * Officials ~Read@66.98.204.56 Read Only * BaNNeD ~Read@TurboBDiesel.users.undernet.org Read Only * Regide ~Read@lahfaye.bgfservers.com Read Only * ImTheBoss ~Read@exo.phpwebhosting.com Read Only * Makara ~Read@ds80-237-204-8.dedicated.hosteurope.de Read Only * Distrus ~Read@69.10.154.150 Read Only * Read____ ~Read@210.1.50.2 Read Only * Read__ ~Read@67.18.145.210 Read Only * Read_____ ~Read@35-11-190-213.customers.iber-x.net Read Only * Read___ ~Read@80.86.206.30 Read Only * Read ~Read@217.148.176.138 Read Only * CapDeTaur httpd@24.180.128.140 Read Only * Motroi ~Read@195.66.106.30 Read Only * LcShells ~Read@206.251.242.140 Read Only * Cifre ~Read@212.43.237.40 Read Only * Complete ~Read@83.211.141.24 Read Only * ZidaneUs ~DhtTeam1@zealot.webnick.net Dorohoi-Hacking-Team !!! CheaterGo ~DhtTeam1@ip-211-122-134-202.rev.dyxnet.com Dorohoi-Hacking-Team !!! CheaterRu ~DhtTeam1@64.62.172.111 Dorohoi-Hacking-Team !!! CheaterUk ~DhtTeam1@64.71.141.167 Dorohoi-Hacking-Team !!! CheaterCr ~DhtTeam1@216.67.239.64 Dorohoi-Hacking-Team !!! CheaterSk ~DhtTeam1@64.246.56.54 Dorohoi-Hacking-Team !!! CheaterRk ~DhtTeam1@67.19.156.231 Dorohoi-Hacking-Team !!! CheaterRo ~DhtTeam1@67.19.156.227 Dorohoi-Hacking-Team !!! InDaHouze ~C-Strike@66.193.230.226 Dorohoi-Team ZidaneUs ~DhtTeam1@zealot.webnick.net Dorohoi-Hacking-Team !!! CheaterGo ~DhtTeam1@ip-211-122-134-202.rev.dyxnet.com Dorohoi-Hacking-Team !!! AlexWget ~C-Strike@server.incomware.com Dorohoi-Team CheaterRu ~DhtTeam1@64.62.172.111 Dorohoi-Hacking-Team !!! CheaterUk ~DhtTeam1@64.71.141.167 Dorohoi-Hacking-Team !!! A13xandru ~C-Strike@217.98.56.2 Dorohoi-Team SmEcHeRu ~C-Strike@adyinlove.users.undernet.org Dorohoi-Team AlexSunos ~C-Strike@66.194.41.172 Dorohoi-Team CheaterCr ~DhtTeam1@216.67.239.64 Dorohoi-Hacking-Team !!! CheaterSk ~DhtTeam1@64.246.56.54 Dorohoi-Hacking-Team !!! PuiDePix ~C-Strike@66.194.41.171 Dorohoi-Team AlexRoBoT ~C-Strike@66.194.41.171 Dorohoi-Team Dumi ~C-Strike@66.194.41.174 Dorohoi-Team AlexOut ~C-Strike@66.193.175.124 Dorohoi-Team TheHacers ~C-Strike@66.193.175.124 Dorohoi-Team CheaterRk ~DhtTeam1@67.19.156.231 Dorohoi-Hacking-Team !!! CheaterRo ~DhtTeam1@67.19.156.227 Dorohoi-Hacking-Team !!! update ~mos@AmCei7Ani.users.undernet.org MariusHacK The Hacker TeaM Dorohoi AllWanted ~craciun@InferNus.users.undernet.org MariusHacK The Hacker TeaM Dorohoi -- Matthew S. Hallacy FUBAR, LART, BOFH Certified http://www.poptix.net GPG public key 0x01938203
Only when they do something about it.
Trouble? When they have 40K extra users to pay for bandwidth (easily eats up a T1 or two), it's damage enough. Besides, would you like someone to launch "cyber A-Bombs" (phaa) from your network?
1. Worrying about personal privacy of their users, not wanting to bend too many rules to fight these drones that *appear* like regular users.
Appear? If you own one of the blocks below, please do something about it.
And I know people who mail abuse reports for hundreds of such *lists*, something /rarely/ gets done. One thing they focus on it taking down control web pages. For example if the runner would give a command: 'update http://etc.com/evil.trojan.exe' or if the drones spam themselves on irc.. then it's all about the abuse teams. Some are really responsive, some just ignore. Last time I took the time to inform ISP's about such a list was when it was a 700 large army of *nix boxes. Haven't seen one of those for years before that. It was 3 months ago or so. It was rather funny really. Lesson learned: don't use hostnames like "securebox" or "secureserver1" or such.
sadsa``` ~orion@67.98.36.19 Don't Touch Me `o`hj`h` ~orion@67.98.36.19 Don't Touch Me TaiFrunze ~orion@66.136.184.186 Don't Touch Me
{snip} I try and take care personally of drones and abusers I see coming from Israel.. it's way too much work and annoyance as it is, thanks though. Most ISP's truly don't want this as their own problem. I personally don't blame them. Luckily the ISP I work for has no home users. If you have any problem in Israel, whether with finding a contact or reaching law enforcement - feel free to email me and I'd be glad to find you a contact. Gadi.
On Sat, 9 Oct 2004, Gadi Evron wrote:
And I know people who mail abuse reports for hundreds of such *lists*, something /rarely/ gets done.
Easily over 1 million computers are being fixed every year. But compared to the success rate of the bot writers, the anti-bot tools fall far behind. Some people estimate between 10 million and 30 million new bots have been created this year. That number is probably a bit low, China was estimating 58% of business computers were infected. Heck, even Bill Gate's PC was compromised by mal-ware. I wonder if he fixed his computer himself, or had someone do it for him. http://www.cornellsun.com/vnews/display.v/ART/2004/10/07/4164c6695f58d Now I know exactly what you're thinking. Why not just skip the drama and move back into the dorms? Well, I don't know if I could stand another year of Resnet, CIT, and the kill-me-please psychological repercussions of both fiendish institutions. Twelve hours spent on hold for PC support and virus cleaning that eventually led to the total erasure of my entire hard drive a week before finals? I think that particular escapade, like death, classifies as one of those rare, once-in-a-lifetime experiences that I will never want to go through again. Masking infections is only a partial answer. As long as the computer is compromised, it can be taken over again in new ways. Going from fixing a million PCs a year to fixing 30 million (and probably more) PCs a year, needs to move beyond just sending complaints. Why don't people want to fix their computers? And even worse, why are so many people unsuccessfull fixing their computers? If it was as simple as making more lists, the problem would be solved. Lots of people are making lists, and the problem still hasn't been solved. So perhaps we need something new. There needs to be easy, non-technical things ordinary users can do to fix their computers, without losing all their files and spending hours on the phone with tech support. If virus writes are smart enough to infect their computers with one-click, perhaps the good guys can come up with ways to fix their computer with one-click. Sorry Grandma, you've just lost all the digital pictures of your grandkids growing up.
On Sat, 9 Oct 2004, Sean Donelan wrote:
Why don't people want to fix their computers? And even worse, why are so many people unsuccessfull fixing their computers?
I had a thread on this a month or two ago (i think it was nanog).. the simple answer that I find is they just dont care and/or are incapable. They dont care in that for many people, providing the computer still works, you're not getting charged (like you would be for pbx hacks) and they dont consider their PC to be critical to their daily lives they have no motivation to find the information and start to care. And they are incapable in that many recent worms/malware have spoofed being from authorities such as banks, microsoft, their ISP and they cannot distinguish between real and spoof and therefore ignore it when windows pops up to tell them they need to install the latest security patch. Coupled with this, they dont understand what virus scanners, firewalls, security patches are and think that by having one of these it will (a) be an all round security solution (b) not need their intervention to setup and maintain it.
If virus writes are smart enough to infect their computers with one-click, perhaps the good guys can come up with ways to fix their computer with one-click.
Of course the good guys are constrained by the law which the bad guys arent, we have seen instances of worms designed to close holes on computers but they are illegal (and didnt work). Also, the good guys always seek user authorisation (eg the window which pops up asking you if you want to install the latest dat) and I suggested above this is problematic for several reasons (user confusion, not wanting to install at that moment etc) .. the bad guys just go ahead and infect - and usually their payload is tiny compared to the Mbs we have to download each month in defenses. And of course, the final blow .. our OSes and apps will inevitably have holes in them, thats a consequence of complexity and I'm not sure how you can overcome that even with much more stringent testing and programming rules.. some of these hacks are pretty damn clever, abusing systems and having one system exploit a weakness in another system (eg using IE to circumvent OS security levels) in ways their designers never imagined and catered for. You only need to find one chink in the systems to produce malware but you need to find all the bugs to produce security apps. Steve
On Sat, 9 Oct 2004, Stephen J. Wilcox wrote:
They dont care in that for many people, providing the computer still works,
There are plenty of people driving their cars even though they know that their catalytic converter doesn't work properly, or their ignition is off and they're putting much more pollution into the air than they have to. Let's face it, people want their immediate problem solved first, if this affects others badly, that's a distant second priority, especially if it's an abstract harm they're causing. "No single drop of water will claim responsability for the flood" (got that off of despair.com). -- Mikael Abrahamsson email: swmike@swm.pp.se
But compared to the success rate of the bot writers, the anti-bot tools fall far behind. Some people estimate between 10 million and 30 million
Actually, there are some fine Anti Trojan (AT) tools out there. Try out The Cleaner and BOClean.
new bots have been created this year. That number is probably a bit low,
I'd estimate double that, but heck, I estimated there are drone armies when everybody said there is no such animal in existence... so I don't know about estimations.
Masking infections is only a partial answer. As long as the computer is compromised, it can be taken over again in new ways. Going from fixing a million PCs a year to fixing 30 million (and probably more) PCs a year, needs to move beyond just sending complaints.
It would be a good start.
Why don't people want to fix their computers? And even worse, why are
Want to fix their computers? Try smaller and easier. How about updating AV software, heck - how about INSTALLING AV software? Some say that computers demand a license, much like cars. I'm beginning to agree. It would never happen.
Sorry Grandma, you've just lost all the digital pictures of your grandkids growing up.
Eh? What grandkids? Oh! Those yes. Dementia, sorry. Gadi.
On Sat, 9 Oct 2004, Gadi Evron wrote:
But compared to the success rate of the bot writers, the anti-bot tools fall far behind. Some people estimate between 10 million and 30 million
Actually, there are some fine Anti Trojan (AT) tools out there. Try out The Cleaner and BOClean.
http://www.washingtonpost.com/wp-dyn/articles/A20665-2004Oct9.html Harris spent days trying to fix the computer, but the programs had multiplied to the point where he couldn't run anything else and he decided to give up on the machine. Last week, the 68-year-old retired aerospace engineer from Yorktown, Va., shelled out $1,000 for a new computer, but now he and his wife, Dorothy, use it only when absolutely necessary. "We have just about quit using the computer," he said. "It isn't worth the aggravation."
In the future, I'd be careful about posting this list to nanog, rather than privately to their respective security and abuse desks. I realize your intentions were good, but it's been pointed out before that this mailing list is monitored by the crackers controlling a lot of the bot networks, including Gregory "OseK" Taylor, Brian Bruns, and Andrew "Trelane" Kirch, so it's probably not a good idea to fuel them by listing the IP addresses of users with compromised machines. ---R On Fri, 8 Oct 2004 16:01:21 -0500, Matthew S. Hallacy <poptix@poptix.net> wrote:
On Fri, Oct 08, 2004 at 09:07:48PM +0200, Gadi Evron wrote:
Those drone armies that lurk on actual real networks are a major problem for the networks themselves, but I doubt anyone can blame them for:
Only when they do something about it.
1. Worrying about personal privacy of their users, not wanting to bend too many rules to fight these drones that *appear* like regular users.
Appear? If you own one of the blocks below, please do something about it.
sadsa``` ~orion@67.98.36.19 Don't Touch Me `o`hj`h` ~orion@67.98.36.19 Don't Touch Me TaiFrunze ~orion@66.136.184.186 Don't Touch Me Crist9597 ~orion@adsl-66-136-184-186.dsl.stlsmo.swbell.net Don't Touch Me Mihaiul ~orion@pD9F73FA3.dip.t-dialin.net Don't Touch Me Cs` ~tayrona@pD9F5AF65.dip.t-dialin.net Don't Touch Me __intzu__ ~alpina@pD9F5AF65.dip.t-dialin.net Don't Touch Me _ragonul_ ~alpina@203.115.112.137 Don't Touch Me Dragonul_ ~alpina@203.115.112.137 Don't Touch Me }-{ ~orion@66.88.13.142 Don't Touch Me {}- ~orion@66.88.13.142 Don't Touch Me Kyia_ ~tayrona@pD9F5AEFB.dip.t-dialin.net Don't Touch Me Rupetot ~weed@ptd2-d9b8264f.pool.mediaWays.net Don't Touch Me awa` ~imagine@ptd2-d9b8264f.pool.mediaWays.net Don't Touch Me Raz ~private@pD9F5AF4A.dip.t-dialin.net Don't Touch Me FacFocu ~orion@66.161.11.110 Don't Touch Me Cristi-- ~alpina@pD9F5AE4A.dip.t-dialin.net Don't Touch Me VandFan ~users@pD9F5AE17.dip.t-dialin.net Don't Touch Me Dragonul` ~tayrona@217.245.174.20 Don't Touch Me Viper18 ~users@pD9F5AE17.dip.t-dialin.net Don't Touch Me \op ~orion@h-66-134-43-211.snvacaid.covad.net Don't Touch Me Kyia ~weed@c-67-163-117-167.client.comcast.net Don't Touch Me n3fertiti ~users@ll194-33-222-204-194.ll194.iam.net.ma Don't Touch Me _____i___ ~orion@c-24-16-161-107.client.comcast.net Don't Touch Me Tzucky ~orion@MaKkInSus.users.undernet.org Don't Touch Me Cristel` ~orion@c-24-16-161-107.client.comcast.net Don't Touch Me ns0 ~orion@earth.sisioh.com Don't Touch Me Aiuritul ~ignore@ll194-33-222-204-194.ll194.iam.net.ma Don't Touch Me dragonul ~orion@67.40.239.163 Don't Touch Me Aiure`l ~orion@66.161.11.110 Don't Touch Me Avi0n ~orion@dsl092-179-090.sfo1.dsl.speakeasy.net Don't Touch Me Muthi_ ~orion@adsl-67-38-98-242.dsl.chcgil.ameritech.net Don't Touch Me forgrt ~orion@adsl-67-38-98-242.dsl.chcgil.ameritech.net Don't Touch Me Qp` ~orion@dsl092-032-218.lax1.dsl.speakeasy.net Don't Touch Me Pasarel ~orion@dsl092-032-218.lax1.dsl.speakeasy.net Don't Touch Me `p`p`p ~orion@202.39.224.36 Don't Touch Me Dragonel ~orion@202.39.224.36 Don't Touch Me polq ~orion@202.37.100.19 Don't Touch Me `o`o`o`o` ~orion@202.37.100.19 Don't Touch Me HanPanga ~orion@dsl092-030-100.sea2.dsl.speakeasy.net Don't Touch Me Hanga ~orion@dsl092-030-100.sea2.dsl.speakeasy.net Don't Touch Me helpMa ~orion@dsl092-030-249.sea2.dsl.speakeasy.net Don't Touch Me OrlanDo`` ~orion@rrcs-67-52-199-254.west.biz.rr.com Don't Touch Me ionmaria ~orion@dsl092-030-249.sea2.dsl.speakeasy.net Don't Touch Me Wow` ~orion@216.138.83.22 Don't Touch Me heart ~orion@WhaThaFack.users.undernet.org Don't Touch Me nicknam`` ~orion@67.69.108.212 Don't Touch Me _o_o_o ~orion@67.69.108.212 Don't Touch Me apometre ~orion@66.228.198.102 Don't Touch Me mutule ~orion@66.228.198.102 Don't Touch Me sugaciu`` ~orion@67.40.239.163 Don't Touch Me Rezerve ~imagine@c-67-164-103-112.client.comcast.net Don't Touch Me Sugaci`` ~orion@CPE-65-30-85-5.kc.rr.com Don't Touch Me daasd`` ~orion@CPE-65-30-85-5.kc.rr.com Don't Touch Me Soule ~fucked@c-67-164-103-112.client.comcast.net Don't Touch Me IP255 ~orion@uslec-66-255-65-10.cust.uslec.net Don't Touch Me Ghidon ~orion@adsl-66-218-54-38.dslextreme.com Don't Touch Me Minea ~orion@user-119bq9a.biz.mindspring.com Don't Touch Me Milimetru ~orion@mdsnwinrp3-pool0-a130.mdsnwi.tds.net Don't Touch Me centime ~orion@mdsnwinrp3-pool0-a130.mdsnwi.tds.net Don't Touch Me wip` ~orion@user-119bq9a.biz.mindspring.com Don't Touch Me ijij ~orion@Toronto-HSE-ppp3746549.sympatico.ca Don't Touch Me _o_ ~orion@rrcs-67-52-199-254.west.biz.rr.com Don't Touch Me afchd`` ~orion@Toronto-HSE-ppp3746549.sympatico.ca Don't Touch Me Aiureai ~orion@va-65-41-106-85.sta.sprint-hsd.net Don't Touch Me Save- ~weed@c-67-163-117-167.client.comcast.net Don't Touch Me Sugativa` ~orion@va-65-41-106-85.sta.sprint-hsd.net Don't Touch Me costi`` ~orion@66.88.191.62.ptr.us.xo.net Don't Touch Me }-{` ~orion@66.88.191.62.ptr.us.xo.net Don't Touch Me `o`o`o ~orion@67.39.113.154 Don't Touch Me wacdsfc ~orion@67.39.113.154 Don't Touch Me Cruella ~orion@216.138.83.22 Don't Touch Me So`what ~orion@ns1.kimbrand.net Don't Touch Me `o`o ~orion@li9-240.members.linode.com Don't Touch Me Dragon-` ~orion@li9-240.members.linode.com Don't Touch Me mysql ~orion@ns1.kimbrand.net Don't Touch Me MaArunc ~berg@66.192.122.27 Don't Touch Me InterGame ~orion@c66.203.200.210.tidc.telus.com Don't Touch Me Ampulea ~orion@c66.203.200.210.tidc.telus.com Don't Touch Me wadasd` ~orion@213.210.185.47.adsl.nextra.cz Don't Touch Me Vrabie ~orion@213.210.185.47 Don't Touch Me Ancas ~orion@66.192.122.27 Don't Touch Me Hacker-ul ~orion@67.32.12.11 Don't Touch Me Pilotu ~orion@mumiaX.users.undernet.org Don't Touch Me lamerul ~orion@66-194-148-180.gen.twtelecom.net Don't Touch Me Muthi ~orion@66-194-148-180.gen.twtelecom.net Don't Touch Me Pasarelu ~orion@216.198.204.226 Don't Touch Me `o`o``o` ~orion@216.198.204.226 Don't Touch Me Apometru ~orion@213.234.124.169 Don't Touch Me Soare` ~orion@213.234.124.169 Don't Touch Me qwewq ~property@213.237.106.4 Don't Touch Me Imagine ~orion@server195-228.matrix-server.co.uk Don't Touch Me SeeN ~orion@Flgurantu.users.undernet.org Don't Touch Me Saliva ~imagine@ptd2-d9b8264f.pool.mediaWays.net Don't Touch Me }[} ~orion@h-66-134-43-211.snvacaid.covad.net Don't Touch Me Polik ~orion@h-66-134-43-212.snvacaid.covad.net Don't Touch Me Comes ~Read@80.78.226.176 Read Only * Parts ~Read@206.176.192.111 Read Only * Officials ~Read@66.98.204.56 Read Only * BaNNeD ~Read@TurboBDiesel.users.undernet.org Read Only * Regide ~Read@lahfaye.bgfservers.com Read Only * ImTheBoss ~Read@exo.phpwebhosting.com Read Only * Makara ~Read@ds80-237-204-8.dedicated.hosteurope.de Read Only * Distrus ~Read@69.10.154.150 Read Only * Read____ ~Read@210.1.50.2 Read Only * Read__ ~Read@67.18.145.210 Read Only * Read_____ ~Read@35-11-190-213.customers.iber-x.net Read Only * Read___ ~Read@80.86.206.30 Read Only * Read ~Read@217.148.176.138 Read Only * CapDeTaur httpd@24.180.128.140 Read Only * Motroi ~Read@195.66.106.30 Read Only * LcShells ~Read@206.251.242.140 Read Only * Cifre ~Read@212.43.237.40 Read Only * Complete ~Read@83.211.141.24 Read Only * ZidaneUs ~DhtTeam1@zealot.webnick.net Dorohoi-Hacking-Team !!! CheaterGo ~DhtTeam1@ip-211-122-134-202.rev.dyxnet.com Dorohoi-Hacking-Team !!! CheaterRu ~DhtTeam1@64.62.172.111 Dorohoi-Hacking-Team !!! CheaterUk ~DhtTeam1@64.71.141.167 Dorohoi-Hacking-Team !!! CheaterCr ~DhtTeam1@216.67.239.64 Dorohoi-Hacking-Team !!! CheaterSk ~DhtTeam1@64.246.56.54 Dorohoi-Hacking-Team !!! CheaterRk ~DhtTeam1@67.19.156.231 Dorohoi-Hacking-Team !!! CheaterRo ~DhtTeam1@67.19.156.227 Dorohoi-Hacking-Team !!! InDaHouze ~C-Strike@66.193.230.226 Dorohoi-Team ZidaneUs ~DhtTeam1@zealot.webnick.net Dorohoi-Hacking-Team !!! CheaterGo ~DhtTeam1@ip-211-122-134-202.rev.dyxnet.com Dorohoi-Hacking-Team !!! AlexWget ~C-Strike@server.incomware.com Dorohoi-Team CheaterRu ~DhtTeam1@64.62.172.111 Dorohoi-Hacking-Team !!! CheaterUk ~DhtTeam1@64.71.141.167 Dorohoi-Hacking-Team !!! A13xandru ~C-Strike@217.98.56.2 Dorohoi-Team SmEcHeRu ~C-Strike@adyinlove.users.undernet.org Dorohoi-Team AlexSunos ~C-Strike@66.194.41.172 Dorohoi-Team CheaterCr ~DhtTeam1@216.67.239.64 Dorohoi-Hacking-Team !!! CheaterSk ~DhtTeam1@64.246.56.54 Dorohoi-Hacking-Team !!! PuiDePix ~C-Strike@66.194.41.171 Dorohoi-Team AlexRoBoT ~C-Strike@66.194.41.171 Dorohoi-Team Dumi ~C-Strike@66.194.41.174 Dorohoi-Team AlexOut ~C-Strike@66.193.175.124 Dorohoi-Team TheHacers ~C-Strike@66.193.175.124 Dorohoi-Team CheaterRk ~DhtTeam1@67.19.156.231 Dorohoi-Hacking-Team !!! CheaterRo ~DhtTeam1@67.19.156.227 Dorohoi-Hacking-Team !!! update ~mos@AmCei7Ani.users.undernet.org MariusHacK The Hacker TeaM Dorohoi AllWanted ~craciun@InferNus.users.undernet.org MariusHacK The Hacker TeaM Dorohoi
-- Matthew S. Hallacy FUBAR, LART, BOFH Certified http://www.poptix.net GPG public key 0x01938203
On Sat, 2004-10-09 at 19:32 -0400, Ricardo "Rick" Gonzalez wrote:
In the future, I'd be careful about posting this list to nanog, rather than privately to their respective security and abuse desks.
I realize your intentions were good, but it's been pointed out before that this mailing list is monitored by the crackers controlling a lot of the bot networks, including Gregory "OseK" Taylor, Brian Bruns, and Andrew "Trelane" Kirch, so it's probably not a good idea to fuel them by listing the IP addresses of users with compromised machines.
---R
Let me make this clear, I have never and will never run a DDoS netowrk, or any sort of botnet. I don't even have an eggdrop. Thus I suggest the following. A: publically refute and apologize for this baseless claim. or B: show evidence that would be admissable in a court of law, such as the one you'd be in if you were sued for slander because of these remarks. Baseless accusations are stupid, especially on a public and web-indexed mailing list, after all you never know who's watching. I apologize for bringing this up yet again, but 1. IRC, and specifically EFnet related politics have no place here, they are OFFTOPIC, and those who participate in them (perhaps even myself for this response) should have their posting rights immediately revoked. 2. Use of this list to launch personal attacks with tenative if any evidence of any wrongdoing whatsoever should be grounds to have your posting rights immediately revoked, and anyone posting from yahoo/gmail/hotmail should have their posting rights immediately revoked because obviously they have no claim whatsoever to any critical Network Operations. -- Andrew D Kirch | Abusive Hosts Blocking List | www.ahbl.org Security Admin | Summit Open Source Development Group | www.sosdg.org Key At http://www.2mbit.com/~trelane/trelane.asc Key fingerprint = B4C2 8083 648B 37A2 4CCE 61D3 16D6 995D 026F 20CF
On Wed, Oct 13, 2004 at 12:11:38AM -0500, Andrew D Kirch wrote:
or any sort of botnet. I don't even have an eggdrop. Thus I suggest the following. A: publically refute and apologize for this baseless claim. or B: show evidence that would be admissable in a court of law, such as the one you'd be in if you were sued for slander because of these remarks.
Libel, not slander. Please use correct terminology when making legal threats. :) -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
--- Andrew D Kirch <trelane@trelane.net> wrote: ...
and anyone posting from yahoo/gmail/hotmail should have their posting rights immediately revoked because obviously they have no claim whatsoever to any critical Network Operations.
You had me until then: has it not occurred to you that some of us work for large corporations which would rather not make official stands on the topics discussed on the NANOG list? There is a certain plausible deniability which is created by using a yahoo/etc account. Furthermore, some of us have changed jobs inside the field, and the use of personal email addresses avoids any complications with that. Also, it avoids the stupid autoresponder issues which some corporations force upon their employees. Your argument works if you're the boss. If you're not, of if there's any PHBs above you, it's better to stick with the private email. ===== David Barak -fully RFC 1925 compliant- _______________________________ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com
On Wed, 13 Oct 2004, David Barak wrote:
and anyone posting from yahoo/gmail/hotmail should have their posting rights immediately revoked because obviouslythey have no claim whatsoever to any critical Network Operations.
You had me until then: has it not occurred to you that some of us work for large corporations which would rather not make official stands on the topics discussed on the NANOG list? There is a certain plausible deniability which is created by using a yahoo/etc account.
I have no problem with those using yahoo or hotmail accounts, to create new email account not associated with actual work address. But I do have problem if service provider makes it too easy to create new virtual identities without providing a way to identify real origin of email. This offers opportunity for various forms of public forum denial of service attacks. Two email service providers that do come to mind that offer this are hashmail and gmail as neither one of them puts ip address of the user into email headers. As such I consider anybody posting from email account with one of these providers to be of very questinable origin and consider his words and his name in similar way. -- William Leibzon Elan Networks william@elan.net
Anybody know of any prolonged outages at Microsoft (MSN messenger)today?
Chaim Fried wrote:
Anybody know of any prolonged outages at Microsoft (MSN messenger)today?
Sure. It was also down for "scheduled maintenance" for quite a while yesterday. Their website also only barfs out messages like Server Error in '/' Application. ------------------------------------------------------------------------ /Runtime Error/ *Description: *An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine. The main question is, what's new here? Pete
Papal Catholicism? Ursal defecation in forested terrain? -- Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net WestNet: Connecting you to the planet. 805 884-6323 WB6RDV NetLojix Communications, Inc. - http://www.netlojix.com/
On Mon Oct 11, 2004, Jay Hennigan wrote:
Papal Catholicism?
not a good forum to make this statement. Thanks, German -- "Discouragement is an enemy of your perseverance. If you don't fight against discouragement you will become pessimistic first, and lukewarm afterwards. Be an optimist" -- St. JoseMaria Escriva (1902 - 1975) Opus Dei's Founder
I've been using MSN messenger all morning and it has been working fine for me. I havnt heard of anyone having problems with it either. On Mon, 2004-10-11 at 11:26, Chaim Fried wrote:
Anybody know of any prolonged outages at Microsoft (MSN messenger)today?
Thornton Cierra Group www.cierragroup.com Efficient Licensing and Consulting
Ar Mon, 11 Oct 2004 14:26:33 -0400, scr�obh Chaim Fried:
�Anybody know of any prolonged outages at Microsoft (MSN �messenger)today?
Yes we've been having them for the past two days... messenger.msn.com has been unreachable for approximately 93.27% of the two days. We've had to resort to using ICQ. Doesn't get past the international carrier of any of our providers (4 of). traceroute: Warning: messenger.msn.com has multiple addresses; using 65.54.213.62 traceroute to messenger.msn.com (65.54.213.62), 30 hops max, 38 byte packets 1 10.2.0.1 (10.2.0.1) 0.217 ms 0.142 ms 0.114 ms 2 62.231.46.89 (62.231.46.89) 3.544 ms 1.687 ms 1.735 ms 3 tallaght-vl-vlan-1.irishbroadband.ie (62.231.34.113) 173.032 ms 23.036 ms 4.221 ms 4 3rock-et-2-4.irishbroadband.ie (62.231.32.149) 7.103 ms 12.946 ms 5.979 ms 5 rte-et-2-7.irishbroadband.ie (62.231.32.182) 6.499 ms 8.569 ms 6.775 ms 6 ix-et-1-1.irishbroadband.ie (195.26.12.61) 13.756 ms 8.465 ms 11.021 ms 7 213.228.228.82 (213.228.228.82) 158.750 ms 157.042 ms 159.437 ms 8 * * * <snip stars> Ken
same here at .sv here we felt it as inconsistent service but then in got kaputt. On 11 Oct 2004 at 14:26, Chaim Fried wrote:
Anybody know of any prolonged outages at Microsoft (MSN messenger)today?
-- Miguel Mata-Cardona Intercom El Salvador mmata@intercom.com.sv voz: ++(503) 278-5068 fax: ++(503) 265-7024 "Intercom, sus Telecomunicaciones en buenas manos"
On 11/10/2004 12:26 PM Chaim Fried wrote:
Anybody know of any prolonged outages at Microsoft (MSN messenger)today?
http://messenger.msn.com/Status.aspx ---------------------------------------------------------------------- All Features. The .NET Messenger Service is temporarily unavailable. Please try again later. Last Update: 10/11/2004 10:07:00 AM Pacific Time (GMT -8:00) ---------------------------------------------------------------------- Todd
participants (21)
-
Andrew D Kirch
-
Chaim Fried
-
Cliff Albert
-
David Barak
-
Drew Weaver
-
Gadi Evron
-
German Martinez
-
Jay Hennigan
-
Ken Gilmour
-
Matthew S. Hallacy
-
Miguel Mata-Cardona
-
Mikael Abrahamsson
-
Petri Helenius
-
Ricardo "Rick" Gonzalez
-
Richard A Steenbergen
-
Richard Danielli
-
Sean Donelan
-
Stephen J. Wilcox
-
Thornton
-
Todd Mitchell - lists
-
william(at)elan.net