| TIP: Click on subject to list as thread! | ANSI |
| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | Re: Did Anyone Else Notice that Apple Lost $4 Billion in Value Yesterda |
From: waldo kitty
"Geo." wrote in news:464efd0e$1{at}w3.nls.net:
> "waldo kitty" wrote in message
> news:Xns99349798E478Cme42{at}216.144.1.254...
>
>>> (unless you think their internal network has been compromised)
>>
>> i do... especially when one looks at the penetration that the botnet
>> masters
>
> Internet network penetration is going to be one of the major issues over
> the next 5-10 years. I don't think the corporate world has yet realized
> just how many internal networks are compromised and how information from
> these networks can be used to financial advantage.
i _know_ that they don't know how well infiltrated they are... i see all
too much shit (on my little server) coming from places that it normally
wouldn't and it is definitely not a human doing it... at least not one
there with a browser... i've seen more and more like my windowslinks stuff
i've written about recently... it is definitely being done by a bot as only
the html file is called (no images, scripts, counters, etc) =and= it also
appears that it is spoofing the IP addresses...
here's an example i stumbled across...
localhost - - [02/May/2007:08:42:43 -0400] "GET /windowslinks.html
HTTP/1.1" 200 12642 "-" "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
there is absolutely _no_ way for that to be... first of all, there's no
browser on that box... second of all, it flat out cannot run MSIE... thrid
of all, it definitely is _not_ running windows of any kind (it =can't=!)...
now, how can the origin of spoofed IPs be tracked back?
i'm fixing to convert that page to a php file that actively logs each and
every hit so that the possibly proxy indicators might be seen... of course,
if this is from a spammer botnet and something they wrote, they may have
even left that part out... whatever the case, the above very definitely
demonstrates that i'm being hit with spoofed IPs... it also seems to point
to the hiding of botnet traffic within "legitimate" data
streams...
it may not even be a spammer's botnet... it could be something else... i
dunno... i do have, finally, a full list of CIDRs for CHINA and KOREA and
have stuffed them in the firewall's IPBLOCK list O:)
--
_\/
({at}{at}) Waldo Kitty, Waldo's Place USA
__ooO_( )_Ooo_____________________ telnet://bbs.wpusa.dynip.com
_|_____|_____|_____|_____|_____|_____ http://www.wpusa.dynip.com
____|_____|_____|_____|_____|_____|_____ ftp://ftp.wpusa.dynip.com
_|_Eat_SPAM_to_email_me!_YUM!__|_____|_____ wkitty42 -at- alltel.net
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)SEEN-BY: 633/267 @PATH: 379/45 1 633/267 |
|
| SOURCE: echomail via fidonet.ozzmosis.com | |
Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.