fr.comp.normes.unicode
[Top] [All Lists]

Re: RProcess Confesses JBN JokeWare

Subject: Re: RProcess Confesses JBN JokeWare
From: Nomen Nescio
Date: Sun, 6 Jan 2008 14:40:05 +0100 CET
Newsgroups: fr.comp.normes.unicode, france.franche-comte.montbeliard



THIS UNWANTED GARBAGE ORIGINATED FROM AND BROUGHT TO YOU COURTESY OF:

PATRICK PARIS -- THE FEMALE EUNUCH
PATRICK PARIS -- PIECE OF SHIT
PATRICK PARIS -- SHITBAG
PATRICK PARIS -- SCUMBAG




me qsuser <[email protected]> wrote:

> Avoid JBN even the Author RProcess admits it's seriously flawed.
> 
> (QS is best, forget the rest)
> Download= http://www.quicksilvermail.net/

Thanks very much for people to bother with, I'll probably bring 
it down. People can still send an ***EMAIL*** to 
[email protected], 
it will be accepted. Eelbash is Frog-Admin's 'love child' as he 
proceeds to halt clients at the newsgrouop. 

<<==========>>

Subject: Re: Twistycreek re-mailer open to public

In article <[email protected]>
[email protected] (Twisty_admin) wrote:

> >> I have been consistantly pinged by  BLACKHOLE-1.IANA.ORG from ANONYMOUS and
> >> mail.brianbinder.com. A tad annoying when mine is a static commercial
> >> account.
> >>
> >> Odd  that they could ping me from 10.1.10.1 which is the same address as my
> >> new modem/router. They also tried to connect to port 137.
> >>
> >> I had to use the internal firewall to block all the connections they use.
> >> Now I can't access my modem/router from this PC. A never ending battle.  :)
> >
> >I thought you had a static IP now, not some 10.x.x.x crap? Or is
> >the static IP on the WAN side of the router? If so, no 10.x.x.x
> >traffic should be coming in to your network (the router should
> >be able to stop it and the ISP shouldn't be routing it to you in
> >the first place).
> >
> >Anyway, block ports 135-139 and 445 at the router. All virus
> >stuff.
>
> I have everything blocked except port 25 which is forwarded.
>
> I have a static IP. The new modem is a combination modem/router. You are
> correct, the static IP is on the WAN side. I have 4 other computers
> connected to it. 1 laptop by wireless so I have a wireless router plugged
> in to one of the ports. The 3 others are direct connected to the router.
> The re-mailer has a fixed IP while I let the other 2 receive their addesses
> by DHCP. The wireless laptop receives a 192.168.0.2 address from the
> wireless router. The others all have 10.1.10.xxx IPs.
>
> To access the router, I have to type in 10.1.10.1 which brings up the login
> page for the router. The re-mailer PC is at a fixed IP of 10.1.10.xxx.  (in
> case they read this, they'll have to guess what xxx is) The router itself
> has a built in firewall which I enabled. Then each computer has a McAffee
> virus/securitycenter/firewall combination on it.
>
> The only one that gets pinged is this one, the re-mailer. Things slowed
> down since I blocked everything including the router. I am surprised it
> still works at all.
>
> I just don't know how I can get pinged or whatever from the same address as
> my router. I thought a real Domain IP should show up. Again, I am far from
> the expert so would really like to know how this can be done. Seems pretty
> tricky. I just don't like the name Blackhole. Gives me the shudders. I sure
> know what a "blacklist" is and blackhole and blacklist are somewhat
> synonymous.
>
> I picked out 3 out of about 12.
> Here they are.
>
> 2005/10/15 10:06:26 10.1.10.1:0 (mail.brianbinder.com) 10.1.10.200:0 ICMP
> Ping
> 2005/10/15 10:12:35 10.1.10.1:0 (mail.brianbinder.com) 10.1.10.200:0 ICMP
> Ping
> 2005/10/15 16:26:11 10.1.10.95:68 (ANONYMOUS) 255.255.255.255:67 Bootstrap
> Protocol Server

ICMP type 0 is ping reply (pong) isn't it? Sure you're not 
pinging or tracerouting mail.brainbinder.com at the time?

> All traceroutes come back to this:
> Maybe this is all OK and they just happened to pick bad names for their
> servers. Blackhole? Yuuch!!!
>
> Sender ANONYMOUS? Why not a real name?

Because 10.1.10.95 doesn't have a valid reverse DNS record. 
Which it won't, because it's not on the internet. Unless you set 
one up locally.

> Reminds me of Carnivore.  Some stealth project :) A bad pick for a name at
> any case.
>
> OrgName:    Internet Assigned Numbers Authority
> OrgID:      IANA
> Address:    4676 Admiralty Way, Suite 330
> City:       Marina del Rey
> StateProv:  CA
> PostalCode: 90292-6695
> Country:    US
>
> NetRange:   10.0.0.0 - 10.255.255.255
> CIDR:       10.0.0.0/8
> NetName:    RESERVED-10
> NetHandle:  NET-10-0-0-0-1
> Parent:
> NetType:    IANA Special Use
> NameServer: BLACKHOLE-1.IANA.ORG
> NameServer: BLACKHOLE-2.IANA.ORG
> Comment:    This block is reserved for special purposes.
> Comment:    Please see RFC 1918 for additional information.
> Comment:
> RegDate:
> Updated:    2002-09-12
>
> OrgAbuseHandle: IANA-IP-ARIN
> OrgAbuseName:   Internet Corporation for Assigned Names and Number
> OrgAbusePhone:  +1-310-301-5820
> OrgAbuseEmail:  [email protected]
>
> OrgTechHandle: IANA-IP-ARIN
> OrgTechName:   Internet Corporation for Assigned Names and Number
> OrgTechPhone:  +1-310-301-5820
> OrgTechEmail:  [email protected]
>
>
> The part that disturbs me is from their own website. It says:
>
> Special-Use Addresses
>
> Several address ranges are reserved for "Special Use". These addresses all
> have restrictions of some sort placed on their use, and in general should
> not appear in normal use on the public Internet. The following briefly
> documents these addresses ? in general they are used in specialized
> technical contexts. They are described in more detail in RFC 3330.
> "Private Use" IP addresses:
>         10.0.0.0 - 10.255.255.255
>         172.16.0.0 - 172.31.255.255
>         192.168.0.0 - 192.168.255.255
>
> The above address blocks are reserved for use on private networks, and
> should never appear in the public Internet. There are hundreds of thousands

That's right.

You're not being pinged or attacked from outside your network.

Don't worry about the name blackhole - that's been assigned by 
IANA!

> So, in the end, am I getting spoofed by a hacker, or by my own
> cablemodem/router?

If it's a spoof (and I very much doubt it), the reply isn't 
going anywhere. Besides which, your router shouldn't be routing 
those addresses inbound so it's almost certainly coming from 
within your network.

<<==========>>

Subject: Re: Ping web-mailer

On 27 Oct 2005, [email protected] (BigappleAdmin)
wrote:
>I've received 3 identical emails from you.
>Did you not get my first reply?
>
>
Test Bigapple anon-post to directive Cypherpunk



-=-
This message was sent via two or more anonymous remailing services.
























































<Prev in Thread] Current Thread [Next in Thread>
  • Re: RProcess Confesses JBN JokeWare, Nomen Nescio <=