just had a couple of copies of this come through from rse@Engelschall ...
someone needs to check their machine
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
More likely a faked 'From' address. While possible, it's highly improbable
that the source is actually Ralf's machine. I've routed my copies to
/dev/null so I can't examine the headers to determine if the source address
actually resides in Europe or not.
Kind Regards,
-dsp
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org]On Behalf Of madhon
> Sent: Friday, February 27, 2004 6:31 PM
> To: modssl-users@modssl.org
> Subject: rse has beagle-a virus ?
>
>
> just had a couple of copies of this come through from rse@Engelschall ...
> someone needs to check their machine
>
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>
>
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
At 18:50 27-02-2004 -0500, Dave Paris wrote:
>More likely a faked 'From' address. While possible, it's highly improbable
>that the source is actually Ralf's machine. I've routed my copies to
>/dev/null so I can't examine the headers to determine if the source address
>actually resides in Europe or not.
Here you have a few of them. Nothing goes to /dev/null here without me
looking at it first :)
Those were send to this list:
Received: from cruzeiro (cruzeiro.fisc.wwu.edu [140.160.220.200])
by master.modssl.org (Postfix) with SMTP id 8EBC7A8934
Received: from CLS-TORG1010-24 (torg1010-24.its.vt.edu [128.173.44.188])
by master.modssl.org (Postfix) with SMTP id 245B5A8934
Received: from AdamBroughton (asdl00.ae.gatech.edu [130.207.39.100])
by master.modssl.org (Postfix) with SMTP id 96173A8934
Received: from woofie (A052105.N1.Vanderbilt.Edu [129.59.52.105])
by master.modssl.org (Postfix) with SMTP id 37622A8934
Received: from CLS-TORG1010-30 (torg1010-30.its.vt.edu [128.173.44.194])
by master.modssl.org (Postfix) with SMTP id 7A3C1A8941
Anyone seeing their own IP should at least go to an online scanner like
http://housecall.trendmicro.com or http://www.symantec.com
Have fun with them..
B.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
As I suspected, none of these messages originate from Ralf. Just
checking the original headers on the most recent batch of six I got
overnight...
from cruzeiro (cruzeiro.fisc.wwu.edu [140.160.220.200]) by master.modssl.org
from CLS-TORG1010-27 (torg1010-27.its.vt.edu [128.173.44.191]) by
master.modssl.org
from CLS-TORG1010-24 (torg1010-24.its.vt.edu [128.173.44.188]) by
master.modssl.org
from CLS-TORG1010-30 (torg1010-30.its.vt.edu [128.173.44.194]) by
master.modssl.org
from woofie (A052105.N1.Vanderbilt.Edu [129.59.52.105]) by master.modssl.org
from AdamBroughton (asdl00.ae.gatech.edu [130.207.39.100]) by
master.modssl.org
What this tells me is that someone realized the .edu addresses on the
listserv were low hanging fruit. Nice job. Try partying less, studying
more, and figure out how to keep yourself from being infected (on
multiple fronts). [aside: pisses me off that I have to deal with spam
from cracked/infected boxes from .edu domains ... I think I'm just going
to reject all .edu-headered mail. it's a hugely sad commentary that
people from institutions of *higher* education can't grasp the concept
of DON'T CLICK ON F^&KING ATTACHMENTS YOU'RE NOT EXPECING and USE A
F#@KING A/V PACKAGE ALREADY, DAMNIT. I mean really, people.. you're
shelling out a TON of money and you don't seem to be one lick smarter
than Jimmy Joe-Jobber's mom who'll click on everything and anything
since getting her PC two weeks ago. If you're as f%$king stupid as you
appear to be, give it up .. save yourself the money and give your slot
at school to someone else. There no shame in doing manual labor for a
living. Society needs both ends of the spectrum. If you can't figure
out the "don't click" stuff, I have no idea what you're going to do with
number theory or algorithms (assuming you're in a CS program). I vote
to kick the .edu's off the listserv until they prove they've got an
intellectual agility quotient above that of a small soapdish. If this
pisses off admins for .edu's, sorry .. life's a bitch, grab a helmet.
The rest of us out in the real world have to deal with [l]users like
this and keep our networks clean for the rest of the planet - you're no
different... you just have a harder job that I certainly don't envy.
Perhaps instituting a "three strikes" policy for students .. the first
infection gets you a warning .. the second gets you booted off the
school's network .. the third (meaning you violated both the 2nd AND
1st) gets you booted from school. Hrmm.. not a bad idea, I suppose.
Anyway .. rant mode is now OFF.]
Kind-ish Regards,
-dsp :-)
[...]
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
Well now, this wins the award for the silliest rant I've heard for a
while. I mean really, Dave... get a grip.
--=20
Keith Hunt 330.972.7968 keith@uakron.edu
Internet & Server Systems
The University of Akron=20
=20
> -----Original Message-----
> From: owner-modssl-users@modssl.org=20
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Dave Paris
> Sent: Saturday, February 28, 2004 7:25 AM
> To: modssl-users@modssl.org
> Subject: Re[2]: rse has beagle-a virus ?
>=20
> As I suspected, none of these messages originate from Ralf. Just=20
> checking the original headers on the most recent batch of six I got=20
> overnight...
>=20
> from cruzeiro (cruzeiro.fisc.wwu.edu [140.160.220.200])=09
> by master.modssl.org
> from CLS-TORG1010-27 (torg1010-27.its.vt.edu=20
> [128.173.44.191]) by=20
> master.modssl.org
> from CLS-TORG1010-24 (torg1010-24.its.vt.edu=20
> [128.173.44.188]) by=20
> master.modssl.org
> from CLS-TORG1010-30 (torg1010-30.its.vt.edu=20
> [128.173.44.194]) by=20
> master.modssl.org
> from woofie (A052105.N1.Vanderbilt.Edu [129.59.52.105])=09
> by master.modssl.org
> from AdamBroughton (asdl00.ae.gatech.edu [130.207.39.100]) by=20
> master.modssl.org
>=20
> What this tells me is that someone realized the .edu addresses on the=20
> listserv were low hanging fruit. Nice job. Try partying=20
> less, studying=20
> more, and figure out how to keep yourself from being infected (on=20
> multiple fronts). [aside: pisses me off that I have to deal=20
> with spam=20
> from cracked/infected boxes from .edu domains ... I think I'm=20
> just going=20
> to reject all .edu-headered mail. it's a hugely sad commentary that=20
> people from institutions of *higher* education can't grasp=20
> the concept=20
> of DON'T CLICK ON F^&KING ATTACHMENTS YOU'RE NOT EXPECING and USE A=20
> F#@KING A/V PACKAGE ALREADY, DAMNIT. I mean really, people.. you're=20
> shelling out a TON of money and you don't seem to be one lick smarter=20
> than Jimmy Joe-Jobber's mom who'll click on everything and anything=20
> since getting her PC two weeks ago. If you're as f%$king=20
> stupid as you=20
> appear to be, give it up .. save yourself the money and give=20
> your slot=20
> at school to someone else. There no shame in doing manual=20
> labor for a=20
> living. Society needs both ends of the spectrum. If you=20
> can't figure=20
> out the "don't click" stuff, I have no idea what you're going=20
> to do with=20
> number theory or algorithms (assuming you're in a CS=20
> program). I vote=20
> to kick the .edu's off the listserv until they prove they've got an=20
> intellectual agility quotient above that of a small soapdish.=20
> If this=20
> pisses off admins for .edu's, sorry .. life's a bitch, grab a helmet.=20
> The rest of us out in the real world have to deal with [l]users like=20
> this and keep our networks clean for the rest of the planet -=20
> you're no=20
> different... you just have a harder job that I certainly don't envy.=20
> Perhaps instituting a "three strikes" policy for students ..=20
> the first=20
> infection gets you a warning .. the second gets you booted off the=20
> school's network .. the third (meaning you violated both the 2nd AND=20
> 1st) gets you booted from school. Hrmm.. not a bad idea, I suppose.=20
> Anyway .. rant mode is now OFF.]
>=20
> Kind-ish Regards,
> -dsp :-)
> [...]
>=20
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>=20
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
On Mon, 1 Mar 2004, Hunt,Keith A wrote:
> Well now, this wins the award for the silliest rant I've heard for a
> while. I mean really, Dave... get a grip.
Seriously.
Not to mention that my primary email address is jwoolley@virginia.EDU.
But you know, feel free to block me if you like. All the less stuff for
me to worry about. ;) hehe. Here's a revolutionary little idea... if
you don't like spam and email worms... how about (gasp) installing
SpamAssassin and some antivirus software. :-P
--Cliff
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
On Mon, Mar 01, 2004 at 01:59:29PM -0500, Cliff Woolley wrote:
> Not to mention that my primary email address is jwoolley@virginia.EDU.
> But you know, feel free to block me if you like. All the less stuff for
> me to worry about. ;) hehe. Here's a revolutionary little idea... if
> you don't like spam and email worms... how about (gasp) installing
> SpamAssassin and some antivirus software. :-P
>
Unplugging the network cable worked well to make NT4 secure up to the c2
level - I'm pretty sure that a similar trick would be quite efficient in
avoiding spam ;)
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
Dave Paris wrote on 2/28/2004 4:24:
> I vote
> to kick the .edu's off the listserv until they prove they've got an
> intellectual agility quotient above that of a small soapdish. If this
> pisses off admins for .edu's, sorry .. life's a bitch, grab a helmet.
Now, there are .edu admins who actually know what they are doing.
Here our admins actively scan machines, and isolate infected ones from
the Net.
The last ones came from Lucent, anyway:
Received: from auemail2.firewall.lucent.com (auemail2.lucent.com [192.11.223.163])
by master.modssl.org (Postfix) with ESMTP id E05B4A8A6F
for
Received: from cinjjtu (h135-252-58-142.lucent.com [135.252.58.142])
by auemail2.firewall.lucent.com (Switch-2.2.8/Switch-2.2.8) with SMTP id
i228Xe327008
for
so the "real world" can't keep their machines clean, either...
-Joe
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org