[unisog] *NOT* a False alarm - Windows "diplomas" message

Anderson Johnston andy at umbc.edu
Thu Oct 10 21:50:28 GMT 2002


Thanks, Ryan!

The whole registration is:

OrgName:    Uninet S.A. de C.V.
OrgID:      UNSA

NetRange:   148.221.0.0 - 148.221.255.255
CIDR:       148.221.0.0/16
NetName:    UNINET-NETBLK-12
NetHandle:  NET-148-221-0-0-1
Parent:     NET-148-203-0-0-1
NetType:    Reallocated
NameServer: DNS.UNINET.NET.MX
NameServer: NSGDL1.UNINET.NET.MX
Comment:
RegDate:    2000-10-10
Updated:    2000-10-10

TechHandle: IU1-ARIN
TechName:   Uninet, IPs
TechPhone:  (52)54-90-70-51
TechEmail:  ips-adm at uninet.net.mx

I'll check for traffic from the IP.


On Thu, 10 Oct 2002, Tony Wright wrote:

>
> Ryan Inman trapped the ip address.
>
> On Thu, 10 Oct 2002, Ryan Inman wrote:
>
> > It hit my machine and I was able to capture the IP which was sent to abuse.
> > But, fyi in case it hits you...
> >
> > IP=148.221.145.177
>
> dup-148-221-145-177.prodigy.net.mx
>
>
>
> On Thu, 10 Oct 2002, Stacey Conrad wrote:
>
> > We saw the same thing here today as well.
> >
> > /stacey/
> >
> >
> > -----Original Message-----
> > From: Sims, David [mailto:dsims at clark.edu]
> > Sent: Thursday, October 10, 2002 2:30 PM
> > To: 'unisog at sans.org'
> > Subject: RE: [unisog] *NOT* a False alarm - Windows "diplomas" message
> >
> >
> > We are now seeing this on our NT 4.0 server console.
> >
> > Unknown at this point where it is coming from.
> >
> > David Sims...Clark College...Computing Services
> > dsims at clark.edu
> >
> >
> > -----Original Message-----
> > From: Arnold, Jamie [mailto:harnold at binghamton.edu]
> > Sent: Thursday, October 10, 2002 8:51 AM
> > To: 'Rita Seplowitz Saltz'; 'unisog at sans.org'
> > Subject: RE: [unisog] False alarm - Windows "diplomas" message
> >
> >
> > Nope...it's here as well....same thing....new form of SPAM.
> >
> > -----Original Message-----
> > From: Rita Seplowitz Saltz [mailto:rita at princeton.edu]
> > Sent: Thursday, October 10, 2002 9:01 AM
> > To: unisog at sans.org
> > Subject: [unisog] False alarm - Windows "diplomas" message
> >
> >
> > The incident of the "diplomas" window is not a mass phenomenon, so likely
> > has quite a different etiology from the poetry window.  (Possibly a local
> > compromised box net-sent it.)
> >
> > Whew!
> >
> > Rita Saltz
> > Princeton University
> >
>
>

------------------------------------------------------------------------------
** Andy Johnston (andy at umbc.edu)          *            pager: 410-678-8949  **
** Manager of IT Security                 * PGP key:(afj2002) 4096/8448B056 **
** Office of Information Technology, UMBC *   4A B4 96 64 D9 B6 EF E3 21 9A **
** 410-455-2583 (v)/410-455-1065 (f)      *   46 1A 37 11 F5 6C 84 48 B0 56 **
------------------------------------------------------------------------------


