[Dshield] amihacked.com now without portscan

Henry Hertz Hobbit hhhobbit at comcast.net
Thu Mar 3 01:47:09 GMT 2005


On Wed, 2005-03-02 at 12:16, Johannes B. Ullrich wrote:
> Per request from the ISP (Valueweb), I had to turn off
> the portscan feature. They did receive complaints from
> people. I ran a system like that before, and it turns out
> that quite a few people forget that they asked for the
> scan :-(. Oh well. I don't have an issue with Valueweb's
> decision on this, and actually think they handled it quite
> well (better than other ISPs that would just have dumped the
> complaints to /dev/null). They gave me a call to notify about the 
> complaints, and forwarded an anonymized snippet from a ZoneAlarm log 
> someone sent them.
> 
> Even without the portscan, I am trying to keep cranking on the
> page in a more 'passive' way. Maybe I will add the portscan again later 
> if I find an ISP willing to deal with the reports.

Johannes:

FOR HEAVEN'S SAKE!  JOHANNES, YOU ARE NUMBER ONE IN MY BOOK!!!!!!!

YOU TOLD THEM THEY HAD TO ENTER THE NUMBER FOR THE PORT SCAN MANUALLY! 
I could have cared less if you allowed me to copy and paste the number
because I am going up against far worse scumbags in doing what I do.  So
are *MANY* people that are MUCH better than me.  If somebody is so thin
skinned that they are complaining, they should realize that Johannes
indicated to them in advance what is coming.  How can we find out what
will whack us if we don't whack ourselves?   I have a feeling that when
all the fur settles that the people complaining will realize that it is
these little things that stir us out of our lethargy into realizing that
we are not as secure as we think we are.  In case you are wondering, I
am smiling as I write this.  That is because I KNOW I am not secure. 
You didn't get my internal address, but NOW you have it, now that you
know where to look.  EVERYBODY CAN KNOW WHAT IT IS!  That means you know
what my internal subnet is!  For sites that have multiple subnets, we
still have many more subnets to map out.  But EVERYBODY CAN DO IT!

The issue with an internal subnet disclosed in an email is a troubling
issue.  Now I am not smiling.  We need to protect people's internal
subnets.

You need to realize that I have other issues other than this.  I could
not verify your (Johannes') PGP keys in Mozilla / Mail, so I allowed it
to update the keys from the .de server.  Now the new keys are causing
problems in Evolution.  The keys Johannes emailed me worked in
Evolution, but not in Thunderbird.  I have experienced this problem not
only with Johannes, but with somebody else, and it is yet another
unresolved issue.  Maybe upgrading to a newer version of Evolution will
help.  I am NOT holding my breath.  Forget the "web of trust" until this
is resolved.  THERE IS NO TRUST UNTIL THIS ISSUE IS RESOLVED.  For
people that are in various PGP groups (GnuPG), you have my permission to
stir things up here.  If you want to do something good, make sure that
the unwashed masses can use PGP with Outlook Express. THIS IS
IMPERATIVE! (note that Latin derived word).

I sent your test site to my brother who works for Edison Electric that
provides electric service for Los Angeles.  I hope they were not the
ones that turned the heat on you.  If that is what caused it, I
APOLOGIZE!  My statement stands and will always stand - if we don't find
the holes first, a hacker will find them for us.  The hackers won't be
nearly as kind!    I am bcc'ing this message to my brother's private
address (the company is STUPIDLY rejecting a connection).  If they think
they can protect themselves by turning the heat on, there are other far
less open people than those in this newsgroup that are not as kind, and
not as open that will exploit these issues.  Not allowing the white hats
(I consider Johannes to be one of us but I may be wrong - it would take
years to learn that and I could still be wrong and you could be wrong
about me) to find something isn't helping ANYBODY.  Every concept should
be evaluated on its own merit.  It should not stand based on who the
person is that is making it (I AM NOBODY).  TEST IT!

Everything I have researched so far in the RFCs reveals we need to
address the internal address in email.  It needs to be changed IF people
want their internal IP address space to be hidden. If they don't want it
hidden, it is a non-issue.  If they do want it hidden, then it is an
issue.  It is an issue to me!  Here is what I have found so far (but
others found it before me - [ Brance Amussen :)_S <brance at jhu.edu> ]

http://www.ietf.org/rfc/rfc2821.txt?number=2821

The people smarter than me now have it well in hand.  Now I have
something more important to do.  GB (0.1.0.4) needs to be told that MD5
checksums have been completely hacked.  He needs to upgrade to SHA-1
checksums (which have been dropped from 2^80 to 2^69 by researchers
in China).  I have my priorities straight.  For the rest of you, stop
pissing on Johannes.  He is doing a wonderful job.  I am looking forward
to him hitting me again (I AM NOT IMMUNE)!  NOBODY IS IMMUNE!

HHH

PS  I just heard SBC is saying that they are going to provide broadband
to EVERYBODY!   I am not holding my breath that SBC, PACTEL, Comcast,
and others are going to bend over backwards to help people. THEY PISS ON
EVERYBODY FOR A PRICE - $$$$.
-- 
Key Name:  "Henry Hertz Hobbit"
Key fingerprint = 924E BE61 1ACF B87A DCA9 009E E74C 183D 0164 F7D5
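
Added illustration, not part of the original post or of the list's software: a Python check for the disclosure the message describes, an internal address exposed in a mail's headers. It assumes the address shows up in the Received trace fields that RFC 2821 defines; the sample message, host names, addresses and function names are constructed for this example.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message; every host and address here is made up.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbound.example.org with ESMTP id A1; Thu, 3 Mar 2005 01:47:20 +0000
Received: from desk42.corp.example (unknown [192.168.14.23])
\tby mx.example.net with ESMTP id B2; Thu, 3 Mar 2005 01:47:11 +0000
Received: from localhost (localhost [127.0.0.1])
\tby desk42.corp.example with ESMTP id C3; Thu, 3 Mar 2005 01:47:09 +0000
From: user@example.net
Subject: test

body
"""

# Private ranges are listed explicitly: ipaddress.is_private would also
# match documentation and loopback ranges, which are not internal subnets.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def leaked_internal_addresses(raw_message):
    """Return (hop, address) for each RFC 1918 address in a Received header.
    Hop 0 is the topmost, most recently added header."""
    msg = message_from_string(raw_message)
    findings = []
    for hop, value in enumerate(msg.get_all("Received", [])):
        for candidate in IPV4.findall(value):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # dotted number that is not a valid address
            if any(addr in net for net in RFC1918):
                findings.append((hop, str(addr)))
    return findings

def internal_subnets(findings, prefix=24):
    """Collapse findings to the subnets a reader of the headers learns.
    The /24 boundary is an assumption; the real mask is not in the mail."""
    return sorted({str(ipaddress.ip_network(f"{a}/{prefix}", strict=False))
                   for _, a in findings})

if __name__ == "__main__":
    hits = leaked_internal_addresses(SAMPLE)
    print(hits, internal_subnets(hits))
```

Running the same check on outbound mail at the gateway shows which hops would need their trace fields rewritten before a message leaves the site.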



