[Dshield] Re: A few followup points

Ed Truitt ed.truitt at etee2k.net
Thu Mar 21 13:26:25 GMT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Also, can you take a look at one of the emails using a regular text
editor?  Since the "damage" is done, save the thing to a plain text
file and open it with vi.  You should then be able to see the web
bugs (HTML code) in the email.

Cheers,
Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
http://www.etee2k.net
http://www.bsatroop148.org

"Note to spammers:  my 'delete' key is connected to YOUR ISP. 
 Also, if you send me UCE, I reserve the right to post your spew 
on my Web site, with the appropriate color commentary, so that 
others may have a good laugh at your expense."

- ----- Original Message ----- 
From: "John Groseclose" <iain at caradoc.org>
To: <list at dshield.org>
Sent: Wednesday, March 20, 2002 2:33 PM
Subject: Re: [Dshield] Re: A few followup points


[snip]
> I suspect that the port 80 outbound traffic that you're seeing is
> embedded information sourced from a remote webserver. Can you sniff
> the traffic and see exactly what's happening? 
[snip]

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPJnffNuunCUC+Qq5EQL0XwCgg4jHpc7wAnrNWAu4r9qxOaV54L4An2/F
naK/gEsYhla8d/An4kXj10nf
=LiDe
-----END PGP SIGNATURE-----




More information about the list mailing list