Just got notified today that I had sent someone SOBIG.F. This was my reply:
I just received a notice from your Notes server that you received a virus (SOBIG.F) from my address. I would like to let you or your administrator know that the address on that is forged. Your virus checker should look at the headers and report to the ISP from which the infected mail originated, not to the "From" header.
I've been 100% Microsoft Free since January 1, 2000. Unless SOBIG.F has found a way to worm into FreeBSD, I doubt very strongly if this message came from any domain I control.
P.S. While having an automated system to notify possible infections to senders is a nice idea, most worms today spoof the From and Reply-To headers. Without the Received headers there is no way that I can help track down the infected party, making sending this to the person in the "From" header a waste of time (especially for Windows users who then have to check to see if they are infected or not, when the chances are that they aren't). If your company is serious about tracking down the source of infected mail, they will use the IP address (not the DNS name associated with it as that, too, can be spoofed) in the Received headers to track down the originating ISP and report the infection to them, along with the timestamp and time zone received. ISPs can then use their logs to track down who had said IP address at that time in their time zone.
If your system administration isn't concerned enough to take the time to do it right, then including the full header information of the offending message in your notification would be useful for those of us who do take the time. (There are risks involved with this, as you may be notifying a Black Hat about a compromised machine - i.e. the computer that originally sent the infected message.)
Thank you for your time and forwarding this to your system administrator.
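The header-walking procedure the reply above asks for, as an added example that is not part of the original comment (the message, host names and the trusted relay range below are constructed for illustration): it ignores the From: address, walks the Received: chain from the recipient's own server outward, stops at the first hop that was not written by a relay we control (anything below that hop was written by the sending machine and can say whatever it likes), and produces the IP, timestamp and time zone that an ISP can match against its own logs.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address, ip_network

# Constructed sample, not a real captured message. The From: header names an
# innocent domain; only the Received: chain shows where the mail entered the
# recipient's infrastructure. The bottom Received: line was written by the
# infected host itself and can say anything, so it must not be trusted.
SAMPLE_MESSAGE = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby notes.example.org (Lotus Notes) with ESMTP id ABC123;
\tSat, 23 Aug 2003 10:15:02 -0400
Received: from dsl-pool-77.isp.example.net (dsl-pool-77.isp.example.net [203.0.113.77])
\tby mail.example.org (Postfix) with ESMTP id 1234;
\tSat, 23 Aug 2003 09:14:55 -0500
Received: from innocent.example (innocent.example [10.0.0.5])
\tby dsl-pool-77.isp.example.net with SMTP;
\tSat, 23 Aug 2003 09:14:50 -0500
From: "Some Admin" <admin@innocent.example>
To: victim@example.org
Subject: Re: Details

(worm payload would follow here)
"""

# Hypothetical: the recipient's own mail relays. Received: lines whose
# "from" address lies in these ranges were written by hosts we control.
TRUSTED_NETWORKS = ["192.0.2.0/24"]

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value):
    """Pull the bracketed 'from' IP and the timestamp (after the last ';')
    out of one Received: header value. Missing pieces come back as None."""
    match = IP_IN_BRACKETS.search(value)
    ip = match.group(1) if match else None
    timestamp = None
    if ";" in value:
        try:
            timestamp = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        except (TypeError, ValueError):
            timestamp = None
    return ip, timestamp


def trace_origin(raw_message, trusted_networks):
    """Walk Received: headers from the newest (top) downward. Each hop written
    by a host we trust is reliable; the first 'from' IP outside our trusted
    ranges is the host that handed the message to us, and everything below
    it is hearsay. Returns None when no reliable external hop is found."""
    msg = message_from_string(raw_message)
    trusted = [ip_network(n) for n in trusted_networks]
    for value in msg.get_all("Received", []):
        ip, timestamp = parse_received(value)
        if ip is None:
            break  # unparseable hop: stop rather than guess
        if any(ip_address(ip) in net for net in trusted):
            continue  # internal relay; the next header was also written by us
        return {"ip": ip, "timestamp": timestamp, "from_header": msg.get("From")}
    return None


def abuse_report(origin):
    """Text for the originating ISP: IP, time and zone, never the From: name."""
    ts = origin["timestamp"]
    when = ts.isoformat() if ts else "unknown"
    zone = ts.strftime("%z") if ts else "unknown"
    return (f"Infected host (from Received: header): {origin['ip']}\n"
            f"Handed to our relay at: {when} (UTC offset {zone})\n"
            f"Forged sender, do not notify: {origin['from_header']}")


if __name__ == "__main__":
    print(abuse_report(trace_origin(SAMPLE_MESSAGE, TRUSTED_NETWORKS)))
```

With an empty trusted list the function simply reports the top Received: hop, which is right only for a server that receives mail directly from the Internet; a site with internal relays must list them, or the report will name its own border MX.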
The powers-that-be send out a questionnaire twice a year to know how many licenses to purchase for what. In the questionnaire, there is a question for primary OS and, if applicable, dual boot OS. The primary OS ONLY lists Win 95, Win 98, Win NT, Win 2000, etc. Secondary OS can be the whole MS lineup plus Linux and Sun OS.
Running FreeBSD as the primary and only OS on three machines at work, I have a really hard time with these forms. What further investigation revealed (as I wanted to give them the CORRECT information despite their problematic form) was that their bonehead Access database required a primary OS from the list, with an optional secondary OS from the secondary list - no other options could be entered. So my three computers were registered as Win 2000 primary OS and Linux for secondary OS. Despite repeated pleas by me, we're paying Microsoft for three unnecessary licenses.
What annoys me most is that whenever I say "FreeBSD," my supervisors always hear "Linux." They aren't against Linux (or FreeBSD for that matter) as it seems many of your bosses are. Linux is a keyword in marketspeak, so it's acceptable. When asked about why they hear "Linux" when I say "FreeBSD," I was told that the "Free" in "FreeBSD" makes it sound cheap (in quality) to administration and potential customers. Using it is OK, but not to the outside world (or department).
Although I often read that people don't have a choice and must use a Windows partition, I can't disagree more. The choice is yours to keep Windows for games. The choice is yours to continue to work as a share cropper. The choice is yours to continue to feel like a victim in the OS Wars.
The last two Intel based machines I bought didn't have Windows on them more than 5 minutes after bringing them home. Drop in that FreeBSD CD and away MS goes.
You do have a choice. Are games and MS MediaPlayer resources more important to you than your freedom? Programming in Java, PHP, XUL, and other platform neutral languages will allow you to eat and develop on the platform of your choice while deploying on the platform of your customers' choice. All it takes is a decision from you to do away with that Microsoft partition.
It may not be easy at first, but no life changing decision is. Are you willing to take your life into your own hands? Or just complain the rest of your life about how Microsoft and the computer manufacturers are out to undermine you?
It is your choice to click through Bill's License. If you really don't agree with it, drop in that FreeBSD, RedHat, SuSE, Debian, ... CD and be free!
The trojans that are being distributed to unsuspecting Lookout users do more than bounce SPAM. They're also being used as HTTP proxies to run FormMail.pl scans and abuse the few open FormMail relays that are still out there. And judging by the increased number of formmail scans I get lately, spammers are really getting desperate.
On the bright side, every scan I get closes one more proxy as I report them all to their ISPs, universities, small companies, etc.
Has anyone else noticed that Texas has surpassed China lately as the number one SSH and FormMail scanning origin? Is that because Texas is the most infected? Or home to the most cracker wanna-bes?
Until this whole thing started, Kuwait was one of many small countries that I'd never seen a formmail scan from. (Most come from .cn, .ca, New York, and Texas ISPs.) But soon after the beginning of the war, scans started coming in from Kuwait of all places.
I haven't heard of hacktivists using formmail.pl to spread their message - so I doubt if they're behind these recent attacks. But scans coming from the Hard Rock Cafe in Kuwait City suggest that it might be allied forces or the press who are getting some extra money by spamming from the War Zone.
I report formmail scans up the yin yang. 30 a day sometimes. Second notices from the same IP address are rare, third notices rarer. The only North American ISP blocks for which I've totally blocked ALL ports at the firewall are two USWest city sub-blocks.
Second notice offending ISPs include:
ATT Canada
RR.com
WorldCom
ATT Net
I generally block China attacks without sending a notice (because there's no whois information for who to complain to - and abuse@ often bounces). This has proven to kill a LOT of SPAM. The spam houses that proxy off of Chinese servers can't scan my site for addresses, and the SPAM mail servers won't get through. I don't even bother filtering mail on that server as blocking formmail scanners' domains pretty much kills 90% of them.
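Detection logic for the FormMail probes discussed in this and the preceding comments, as an added example that is not the commenter's code (the access-log lines and addresses are constructed): it picks FormMail requests out of Apache common-log lines regardless of directory or capitalisation, groups them per source IP with counts, times and paths for an abuse report, and keeps a ledger so that a second or third notice to the same IP is recognised as such.

```python
import re
from datetime import datetime

# Constructed sample access log (Apache common log format), not real traffic.
# The two probing hosts request FormMail under several paths and spellings;
# the third host is an ordinary visitor and must not be flagged.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2003:02:14:11 -0500] "GET /cgi-bin/formmail.pl HTTP/1.0" 404 213
203.0.113.5 - - [10/Mar/2003:02:14:12 -0500] "GET /cgi-bin/FormMail.cgi HTTP/1.0" 404 213
203.0.113.5 - - [10/Mar/2003:02:14:13 -0500] "GET /cgi-bin/formmail/formmail.pl HTTP/1.0" 404 213
198.51.100.20 - - [10/Mar/2003:02:20:40 -0500] "GET /index.html HTTP/1.1" 200 1043
198.51.100.20 - - [10/Mar/2003:02:20:41 -0500] "GET /images/logo.png HTTP/1.1" 200 5120
192.0.2.77 - - [10/Mar/2003:03:05:02 -0500] "POST /cgi-bin/formmail.pl?recipient=x HTTP/1.0" 404 213
"""

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# Any request whose path ends in formmail.pl or formmail.cgi, in any case
# and any directory, is treated as a relay probe.
FORMMAIL_PROBE = re.compile(r"/formmail\.(?:pl|cgi)$", re.IGNORECASE)
TIME_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def is_formmail_probe(path):
    """True when the request path (query string ignored) targets FormMail."""
    return FORMMAIL_PROBE.search(path.split("?", 1)[0]) is not None


def find_formmail_scans(lines):
    """Group FormMail probes by client IP with count, first/last time and
    the distinct paths tried; this is what goes into an abuse report."""
    scans = {}
    for line in lines:
        match = LOG_LINE.match(line)
        if not match or not is_formmail_probe(match["path"]):
            continue
        when = datetime.strptime(match["time"], TIME_FORMAT)
        entry = scans.setdefault(match["ip"], {
            "count": 0, "first_seen": when, "last_seen": when, "paths": set()})
        entry["count"] += 1
        entry["first_seen"] = min(entry["first_seen"], when)
        entry["last_seen"] = max(entry["last_seen"], when)
        entry["paths"].add(match["path"].split("?", 1)[0])
    return scans


def notice_number(ledger, ip):
    """Record one more report for this IP and return which notice it is
    (1 = first notice, 2 = second, ...), so repeat offenders stand out."""
    ledger[ip] = ledger.get(ip, 0) + 1
    return ledger[ip]


def abuse_summary(scans, ledger):
    """One line per scanning IP, suitable for pasting into a report."""
    lines = []
    for ip, entry in sorted(scans.items()):
        n = notice_number(ledger, ip)
        lines.append(f"{ip}: {entry['count']} probe(s) between "
                     f"{entry['first_seen'].isoformat()} and "
                     f"{entry['last_seen'].isoformat()} (notice #{n})")
    return lines


if __name__ == "__main__":
    ledger = {}  # persist this between runs to keep counting notices per IP
    for line in abuse_summary(find_formmail_scans(SAMPLE_LOG.splitlines()), ledger):
        print(line)
```

The ledger is a plain dict here; in practice it would be saved between runs so that the notice count survives, which is what makes a second or third notice to the same address visible.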
War Games and Tron I'm familiar with. Don't know what "The Net" was. Haven't been to a theatre in at least 6 years. Don't rent movies. Don't pay for extra movie channels on cable.
- I'm not a newbie, I know computers and I don't want to be treated as such
This was the final straw driving me away from M$. While beta testing Windows 98, I thought those pop-up help things when you hover over the close button, etc. were extremely annoying. "I know the button closes the window you idiot computer" I often shouted in my mind.
Then something happened. For no apparent reason, two weeks into testing Win98 Beta 2, those annoying things stopped popping up. I thought, "hey, that's not so bad after all. It's given me two weeks' 'training' and stopped bothering me." I even sent in a report to Microsoft saying that this was a great feature.
Microsoft seemed to interpret that as a bug report, and the next beta through to final release never stopped annoying me.
The release version, on top of that, included all the junk on the desktop that I told the installer not to install, and there was a new problem with suspending on my notebook computer. I had spied a FreeBSD 2.2.6 CD-ROM set in the bookstore recently, went out and bought it, and Microsoft never saw that machine again.
Well, I'm kind of bad with history, so I can't say what age I was, but based on what I learned later in life, I'm guessing about 5 years old.
The first distinct memory I have was of a dam bursting in Washington D.C. It turned out to be the President's fault, and people were calling for his resignation. The guy who invented the automobile came in to take his place.
Then there were tanks destroying the Olympic Stadium in some foreign country. I thought it was odd that they used tanks instead of wrecking balls, but...
Now I have problems following the rationale some newscasters use to explain things. A typical CNN Money segment has the phrase, "Due to m, the price of n is {up|down} sharply," where m and n have absolutely no obvious relationship to each other. News hasn't gotten any clearer now than it was when I was five.
- As far as complaining about jobs, sorry man (really!), but remember, those of you lower on the ladder were sacrificed for those higher up. How many bosses took pay cuts or forfeited their vacation so you could stay on board? Absolutely none!
When reading the books, I always imagined Dr. Joyce Brothers as Dr. Susan Calvin. I know, she's not exactly the plain, drab scientist with her excitement and all. Maybe it's the accent? I don't know. I just think that Dr. Joyce would make a great Susan Calvin.
So does this explain why the /. crew hate the ??AA yet still spend money going to movies and buying CDs? I have no problem waiting for movies to come to TV. So I haven't seen the Star Wars prequels or Harry Potter. So what? Have I really missed out on anything? I haven't bought a CD since I was in college - 12 years ago. The radio works just fine with me.
I stopped relying on the ??AA for entertainment long ago because they were entertaining me less and less each year. Their actions in recent years have made it obvious that they were less deserving of my money than I previously thought.
Now, will /. editors be able to break the psychological binds that the ??AA have on them?
- I'd be interested to know if it's related to the high penetration of broadband in Canada (primarily Sympatico DSL and Rogers cable).
I think that the rise in 24 hour connected broadband access by the masses has given rise to 24 hour connected relays that script kiddies from other countries may utilize.
Judging by the large number of formmail.pl attempts that my servers get, QWest (aka USWest) gets my vote for most (infectiously) deployed proxy servers out there. .cn domains (of course they might not be remote controlled) come next, then South America, and finally Canada.
I have noticed that the spammers are trying harder to stay under the radar more lately. A few months ago, the hosts they infected with their relay software would spam thousands of targets a day. Now they seem to distribute the load a bit more, returning after a few days to a week to try to not look so obviously infected.
These and Century Systems' FutureNet products have been around for quite a while in Japan, and they appear smaller than the micro computer in the original article. (But then these are server devices and don't have monitor or keyboard controllers.)
As even those of you who can't read Japanese can get from the comparison page, OpenBlocks comes with the Linux 2.4 kernel and FutureNet comes with the Linux 2.4.10 kernel. (If they had a FreeBSD version, I'd retire the old laptop I'm using as a router to my cable modem. The price certainly isn't a problem.)
I don't understand. I've been using FreeBSD on a notebook since 2.x. Back then and with 3.x it was done with the PAO package, but that all got integrated into the kernel in 4.0.
Of course, pretty much all you could use at the 4.0 point was 3Com network cards, but now most NICs work, SCSI cards work, I even have an SD adapter card working on FreeBSD 4.6-STABLE that worked on the first try without any tweaking.
Suspend works fine, too. So I don't see any reason to not use FreeBSD on a notebook.
Why is it that whenever some new virus/worm sets up a backdoor to receive commands that everyone thinks they're for DDoS attacks? Judging by the huge number of formmail scans I get from computers that, according to DShield, appear to be infected, they're being used to scan for open formmail.[pl|cgi] relays and send spam.
Viruses aren't just for script kiddies any more. The spam industry needs these infected machines to better cover their tracks in hopes of not getting sued into oblivion.
There's a lot of information on Digital Video over IP here. Use a FreeBSD box with a FireWire (IEEE1394) connection to a DV camera and broadcast openly or to a specific address.
I've been playing around with this at home, and it works! Sound, too.
Since there aren't many people (yet) who have xdvshow to watch the stream, a method needs to be devised to pipe this to other formats. (I was investigating this, but ran out of time last weekend. If anyone knows of a DV to QT/Real/etc. converter, please let me know!)
I upgraded last June when I found my server under attack by a version of the Goobles' "proof of concept" Apache attack on *BSD. Apache 1.xx was marked broken in ports, so I went with Apache 2.
It took a while to get mod_webapp working on FreeBSD (with enough research done that I wasn't opening any new ports to the outside world). But once I was comfortable with the new setup, I was back.
I must admit, it does seem slower sometimes, but that might be because I upgraded to Tomcat 4 at the same time. Since I don't get nearly so much traffic that it makes a difference (it's a hobby site), Apache 2 works fine for me.
With the multiple ssh and other scans, combined with so many spam images hosted in China, I have most of China's major ISPs blocked at my firewall. I have a network to protect.
I figure that just blocking off the ISP is better than notifying them that they have someone trying to tunnel through my servers. What would an ISP there do after investigating logs to see who it was?
You mentioned several times that you got an exemption for not being a voice carrier. But you also commented that many use the lines for VPN and NetMeeting. Isn't NetMeeting similar to telephony technologies, carrying voice over IP?
Is the voice carrier requirement only for plugging a standard phone into the lines? So VoIP doesn't apply? (And if it doesn't, how much longer will that last?)
- The Web3D crowd basically killed VRML by announcing their "new, improved, XML-based solution" [...]
I was under the impression that Microsoft killed VRML. Just when it was starting to get interesting, MS bought one of the more advanced VRML plugin makers, Liquid Reality (I think it was). They were just about to release their latest Netscape plug-in, the IE plug-in wasn't even in pre-release phase, yet. Then, just before the release, MS bought them, changed the liquid metal silhouette logo to a cone, sphere, and cube (too sexy for MS), and announced that the Netscape plug-in would not be released until an IE version were also ready. So far as I know, it never happened.
Naturally, all of the other VRML browsers, seeing MS buy a VRML browser company, threw in the towel and stopped development. Why continue making a plug-in when MS is just going to bundle theirs and kill you off?
VRML was yet another casualty of Microsoft's drive to own the Net. MS has really been the center of killing innovation on the Internet.
- The majority of the web runs on Apache, therefore for Microsoft to not support .NET on Apache is to lose the majority of the web.
And this is why MS and Apache get together regularly for better compatibility between Apache's Axis and MS' .NET thing. I don't want to give up my server platform of choice (FreeBSD), but would certainly like to still be able to allow SOAP clients from the Java, .NET, Perl, etc. worlds access my services.
And as I wrote the above, Snort notified me that a major computer manufacturer in Palo Alto, CA has become the latest victim of CodeRed to attempt an attack on my site. (I do hope it's not a pre-install model.)
Still no "real" attacks on the system today, though.
Until movies come out on free (or basic cable) channels, I don't see them. And I really don't think that my life suffers for the lack of the MPAA's idea of the world. The few recent (3 years old or so) movies that I have seen are full of bad language, senseless killing, and unrealistic story lines.
Do you guys actually pay the MPAA for that?
Actually, in Japan, it isn't unusual for the higher ups to take a pay cut/lose their bonuses for the lower people to not lose theirs in these current hard times. In good times, upper management gets a good piece of the pie, but they're willing to take less to keep everyone fed in harder times.
Unheard of in North America, I'm sure.
Great, free TrueType Japanese fonts are available via:
# cd /usr/ports/japanese/kochi-ttfonts && make install clean
or
# portinstall -R ja-kochi-ttfonts
Can't some of the TeX fonts in /usr/ports/print be converted to TrueType? Or the Adobe fonts?
Why is it that the name "Homeland Security" gives me images of Nazis? That name really bothers me.