[Intrusions] global xing intrusions autobotforwards[ISEC-TKT:683210] [ISEC-TKT:683208]
kenneth gf brown
ken at shadowplay.net
Fri Feb 11 18:03:42 GMT 2005
thnx mr smith
> -----Original Message-----
> From: intrusions-bounces at lists.sans.org
> [mailto:intrusions-bounces at lists.sans.org] On Behalf Of Smith, Donald
> Sent: February 11, 2005 08:07
> To: Intrusions List (GCIA Practicals); Intrusions List (GCIA
> Practicals)
> Subject: RE: [Intrusions] global xing intrusions
> autobotforwards[ISEC-TKT:683210] [ISEC-TKT:683208]
>
>
> I forward this to a global crossing security person.
> They said they would take care of it. I believe it has been
> fixed. Someone submitted their isecq address to get
> intrusions emails which was later forwarded to their abuse
> (auto responder) alias. If you see it again let me know and I
> can follow up with gblx.
>
> donald.smith at qwest.com giac
>
> ________________________________
>
> From: intrusions-bounces at lists.sans.org on behalf of Ken Connelly
> Sent: Sun 2/6/2005 5:39 PM
> To: Intrusions List (GCIA Practicals)
> Cc: security at gblx.net
> Subject: Re: [Intrusions] global xing intrusions autobot
> forwards[ISEC-TKT:683210] [ISEC-TKT:683208]
>
>
>
> I complained about this to the intrusions list owner(s) two
> or three weeks ago, but haven't heard anything in response.
> My take on it is that a mailing list (ipadmin) has been
> subscribed to the Intrusions list, and that some address at
> Global Crossing that autoresponds is a member of that ipadmin
> list. First of all, it's *really* bad form to subscribe a
> list to a list. Second, if some member of the second list is
> an autoresponder, that just compounds things.
>
> - ken (the other)
>
> kenneth gf brown wrote:
>
> >Re: [ISEC-TKT:683210] [ipadmin] [Intrusions] FW: unauthorised ssh
> >exploit attmepts to our servers
> >Re: [ISEC-TKT:683208] [ipadmin] [Intrusions] FW:
> unauthorised root ssh
> >exploit attmepts to our servers
> >
> >has anyone else noticed reply postings from
> >
> >Global Crossing Internet Security [isecq at gblx.net]
> >in response to posts or reports sent to intrusions ??
> >
> >hey GLOBAL CROSSING GUYS!!!!
> >
> >can you please investigate that your automated responder is not
> >replying to posts on this list... and asking me to chose
> which division
> >of your company shold receive a post from this list... isnt
> that YOUR
> >job???
> >
> >at no point did I directly send to any address at gblx.net
> >the redirect to an autoresponder asking me to
> >redirect mail to security or abuse
> >is anoying as all hell.
> >
> >and the headers are indicating that you GOT THE post off intrusions.
> >
> >see the two attached emails.
> >
> >
> >
> >
> >
> >ken at shadowplay.net http://www.shadowplay.net
> >Phone: 204.284.3481 Toll Free: 866.590.0023
> >Mobile: 204.470.9158
> >
> >FOR CLIENT SUPPORT PLEASE CALL 204.470.9021
> >or email support at shadowplay.net
> >
> >
> >
> >
> >-------------------------------------------------------------
> ----------
> >-
> >
> >_______________________________________________
> >Intrusions mailing list
> >Intrusions at lists.sans.org
> >http://www.dshield.org/mailman/listinfo/intrusions
> >
> >
> _______________________________________________
> Intrusions mailing list
> Intrusions at lists.sans.org
> http://www.dshield.org/mailman/listinfo/intrusions
>
>
> _______________________________________________
> Intrusions mailing list
> Intrusions at lists.sans.org
> http://www.dshield.org/mailman/listinfo/intrusions
>
>
> __________ NOD32 1.996 (20050210) Information __________
>
> This message was checked by NOD32 antivirus system.
> http://www.nod32.com
>
>
More information about the Intrusions
mailing list