- NZNOG - lists.nznog.org

Re: [nznog] Iworm.Swen
by Mark Davies 21 Sep '03

21 Sep '03

From: Ewen McNeill <ewen(a)naos.co.nz> Date: Mon, 22 Sep 2003 13:14:59 +1200 > Some people in ASR were getting many dozens per _hour_ (I think one > person was seeing hundreds per hour), so I'm grateful that this one > doesn't seem to have hit me as hard as SoBig.F was (I was seeing > thousands of copies of SoBig.F per day). We threw away 4500 over the weekend, mostly to two particular addresses, but a sprinkling to others. Don't know why those two addresses were so hard done by. mark

1 0

Iworm.Swen
by Matthew G Brown 21 Sep '03

21 Sep '03

Is anyone seeing large influx of Iworm.Swen & Exploit.IFrame.FileDownloadMessage over the last few days. Im getting over 200 a day, All for some reason addressed to me , very few to any other users. I seem to be the only one I know having this problem, I feel very special. Best regards Matthew G Brown B & R Holdings LIMITED Nelson, New Zealand DDI: + 64 3 544 9116 MOB: 027 4807731 http://www.brh.co.nz http://www.backupserver.co.nz

3 2

where, o where, has my little switch gone.
by Simon Blake 21 Sep '03

21 Sep '03

If anybody finds a Cisco 2912 switch that's, cough, fallen off the back of a truck, please sing out - we had one five fingered last night. Ripped the rack of the wall, dropped the power, the whole nine yards. Still, our none-to-bright crims took the cheap switch and left the rack of far more valuable media convertors sitting above it, so I guess we can be thankful for small mercies! Thankfully, not a very common occurence. Cheers Si

2 1

VeriSign Sued
by Hugh Lilly 19 Sep '03

19 Sep '03

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VeriSign Sued Over Controversial Web Service Thu September 18, 2003 09:13 PM ET By Elinor Mills Abreu SAN FRANCISCO (Reuters) - An Internet search company on Thursday filed a $100 million antitrust lawsuit against VeriSign Inc., accusing the Web address provider of hijacking misspelled and unassigned Web addresses with a service it launched this week. http://www.reuters.com/printerFriendlyPopup.jhtml?type=internetNews&storyID… - -- (C) 2003 Hugh Lilly mail: h.lilly(a)gmx.net blog: http://hugh.orcon.net.nz Registered Linux User # 295486, register @ http://counter.li.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/auF89hi2EvY06qgRAmGmAKCTLqkXIJag46oQLDq1od0PFIHXqQCglYeI svtZjEX42+BJbhPx1/yoiSc= =P+4f -----END PGP SIGNATURE-----

3 2

Prefix list update for Net4U Limited (AS23746)
by Michael Jager 19 Sep '03

19 Sep '03

Hi all, For those of you peering with Net4U, please update your filters to allow 210.55.110.0/24. A complete prefix list is attached for your reference. -michael Network Operations Net4u Limited

1 0

Fwd: [ga] ICANN Advisory to Verisign: Voluntarily suspend Sitefinder
by david＠farrar.com 19 Sep '03

19 Sep '03

Even ICANN has arisen to life and has asked Verisign to suspend their sitefinder service. Will be useful to read what their Security and Stability Advisory Committee says on the wildcard issue. DPF ----- Message Forwarded on 20/09/03 ----- From: George Kirikos <gkirikos(a)yahoo.com> To: ga(a)dnso.org Cc: discuss-list(a)opensrs.org Subject: [ga] ICANN Advisory to Verisign: Voluntarily suspend Sitefinder Date: Fri, 19 Sep 2003 19:26:56 -0700 (PDT) See the advisory at: http://www.icann.org/announcements/advisory-19sep03.htm I doubt Verisign has the inkling to stop.... Sincerely, George Kirikos http://www.kirikos.com/ P.S. Sign the updated petition at: http://www.whois.sc/verisign-dns/

1 0

ll stuff
by Thomas Salmen 18 Sep '03

18 Sep '03

looks like i'm going to have to dump my tel stock... http://www.nzherald.co.nz/business/businessstorydisplay.cfm?storyID=3524244& thesection=business&thesubsection=telecommunications&thesecondsubsection=gen eral&thetickercode=TEL my tls shares should do okay though

1 0

RE: [nznog] stream of Orcon spam
by Seeby Woodhouse 18 Sep '03

18 Sep '03

I wasn't aware that there was any 'constant stream of spam' coming from us. However - I've been following up since seeing your email the other day. My understanding from the tech team is that we are on top of this and do respond to such things - if you have previously tried to get us to take action and nothing has happened, then I'd be keen to know about it. Cheers Seeby Woodhouse Managing Director Orcon Internet Limited - www.orcon.net.nz Mob +64 (0) 21 366 666 / Wk +64 (9) 444 4414 ext 700 -----Original Message----- From: Tony Wicks [mailto:nzog(a)road.gen.nz] Sent: Friday, September 19, 2003 6:25 AM To: Liz Q Cc: nznog(a)list.waikato.ac.nz Subject: RE: [nznog] stream of Orcon spam They don't respond. -----Original Message----- From: Liz Q [mailto:liz(a)debian.co.nz] Sent: Friday, 19 September 2003 12:20 a.m. To: nzog(a)road.gen.nz Cc: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] stream of Orcon spam Perhaps you should take it up with them, I'm fairly sure they will be happy to find whos account it is and remove it. Liz Q On Wed, 2003-09-17 at 21:36, Tony Wicks wrote: > Hi all, is anyone else seeing a constant stream of spam **again** emanating > from Orcon ? > > > ( now added to "hosts.deny" ) > > > > Received: from dbmail-mx1.orcon.co.nz (loadbalancer-VIP.orcon.net.nz > [219.88.242.2]) > by *removed* (8.12.8/8.12.8) with ESMTP id h8H63EcG011226 > for <*removed*>; Wed, 17 Sep 2003 18:03:34 +1200 > Received: from 219.88.242.10 ([218.63.107.253]) > by dbmail-mx1.orcon.co.nz (8.12.6/8.12.6/Debian-7) with SMTP id > h8H61d2d006264 > for <*removed*>; Wed, 17 Sep 2003 18:02:25 +1200 > Received: from uvd.cixzx.net (HELO jk0) ([103.212.63.23]) by 219.88.242.10 > id <2581790-60199> for <*removed*>; Wed, 17 Se > p 2003 14:54:17 +0600 > Message-ID: <b-1$-f$oj422x(a)c9n.dl4l.2h3y> > From: "Iris Oliver" <q2djix5co3u(a)eguo.com> > Reply-To: "Iris Oliver" <q2djix5co3u(a)eguo.com> > To: <*removed*> > Subject: Develop a Larger Penis in Weeks > > > Received: from dbmail-mx3.orcon.co.nz (loadbalancer-VIP.orcon.net.nz > [219.88.242.2]) > by *removed* (8.12.8/8.12.8) with ESMTP id h8H5UvcG011061 > for <*removed*>; Wed, 17 Sep 2003 17:30:58 +1200 > Received: from modemcable084.162-202-24.hull.mc.videotron.ca > (modemcable084.162-202-24.hull.mc.videotron.ca [24.202.162.84]) > by dbmail-mx3.orcon.co.nz (8.12.6/8.12.6/Debian-7) with SMTP id > h8H5Tho7008819 > for <*removed*>; Wed, 17 Sep 2003 17:29:45 +1200 > Received: from [150.94.211.109] > by modemcable084.162-202-24.hull.mc.videotron.ca; > Wed, 17 Sep 2003 00:27:00 -0600 > Message-ID: <u$1eo2yj-u36$gq(a)1sbkl8.s.c6l2y> > From: "Brianna Avery" <25mypdms(a)gateway.com> > Reply-To: "Brianna Avery" <25mypdms(a)gateway.com> > To: *removed* > Subject: *removed* male enhancement patch 3 qchywrehm > > > > _______________________________________________ > NZNOG mailing list > NZNOG(a)list.waikato.ac.nz > http://list.waikato.ac.nz/mailman/listinfo/nznog -- This PC runs Linux. If you find a virus apparently from me, it has forged the e-mail headers on someone else's machine. Please do not notify me when this occurs. Thanks. _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

1 0

Re: [nznog] Email for domains hosted by 2day.com
by Ewen McNeill 18 Sep '03

18 Sep '03

In message <Pine.WNT.4.55.0309172108560.696(a)den3>, Juha Saarinen writes: >On Wed, 17 Sep 2003, Ewen McNeill wrote: >> And if nothing else it's probably useful to have a single document to >> wave at people saying "these are all the bad things you've caused by >> doing this". > >That's been documented already, as in the 2day.com case. To reinforce the "one list with which to beat people up", this post on NANOG: http://www.merit.edu/mail.archives/nanog/msg13728.html points out that Verisign are in an interesting position with HTTPS access: not only do they have the wildcard DNS entry to draw traffic their way (apparently consuming one AS and two /24s on the way past), they've also got the trusted CA certificates to sign any SSL certificates needed (on the fly if they wish). The little "trusted site" closed lock on, eg: https://www.placetobuystuff.com/ is (amazinginly) a little less meaningful than it was before. (I'm also amazed that, apparently, no one has registered that domain name. It seems such an obvious one for the type-stuff-in-and-see-what-happens crowd.) FWIW, these: http://www.haque.net/verisign_dns_rant.php http://www.merit.edu/mail.archives/nanog/msg13682.html aren't a bad (early) start at a summary of problems (from Tuesday). Ewen

5 5

Re: [nznog] Email for domains hosted by 2day.com
by david＠farrar.com 18 Sep '03

18 Sep '03

Bob Gray wrote: > On 19 Sep 2003 at 9:17, Antonio Broughton wrote: > > > So if i was to say "ihug.net" has bad data.... that will > > mean ihug.net will get deleted also? :) > > More to the point if someone said that the nz record is > bad: > > [snip] > Technical Contact: > Name: ITS Operators > Organization: The University of Waikato > Address1: Private Bag 3105 > [snip] > > would that get deleted too? InternetNZ has been trying to get that changed for, well around four years now. There has been many a fight with ICANN about them refusing to update details for .nz zone despite it being inaccurate. What was ironic was that one year their request for a fee/donation didn't get through because they sent it to the old mailing address which they had refused to change. They have got more responsive of late and as I understand it there is an attempt underway to get this final piece of incorrect information fixed. DPF

1 0