RE: CRIME [VIRUS] Don't Use this patch immediately !

From: Buelna, Derek (derek.buelna@private)
Date: Thu Oct 16 2003 - 11:34:31 PDT


    You're right. Genuity can't do anything for me besides blocking that IP (which of course won't help me) even though we are a customer.
    
    Please ban the user from sending messages to the list. That makes the most sense to me. If the list is configured such that anyone is allowed to send to it then I think that needs to change to subscribed/authorized users.
    
    -Derek
    
    -----Original Message-----
    From: Seth Arnold [mailto:sarnold@private]
    Sent: Thursday, October 16, 2003 10:51 AM
    To: crime@private
    Subject: Re: CRIME [VIRUS] Don't Use this patch immediately !
    
    
    On Thu, Oct 16, 2003 at 10:33:14AM -0700, Buelna, Derek wrote:
    > I'm pleased that these messages are free of viruses but.. I wouldn't
    > be surprised if the messages are coming from the same PC. The mail
    > server and or the list manager should be able to get the source IP,
    > right? I'm thinking that it might be valid. I'd be glad to look into
    > this if you could toss me the source IP..
    
    Check the headers:
    Received: (from Majordomo@localhost)
            by rigel.cs.pdx.edu (8.12.10/8.12.3/Submit) id h9G2fZt3027348
            for crime-outgoing; Wed, 15 Oct 2003 19:41:35 -0700 (PDT)
    X-Authentication-Warning: rigel.cs.pdx.edu: Majordomo set sender to owner-crime@private using -f
    Received: from tuttle.oit.pdx.edu (tuttle.oit.pdx.edu [131.252.120.29])
            by rigel.cs.pdx.edu (8.12.10/8.12.10) with ESMTP id h9G2fOK1027326
            (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
            for <crime@private>; Wed, 15 Oct 2003 19:41:25 -0700 (PDT)
    Received: from localhost (evrtwa1-ar4-4-47-073-009.evrtwa1.dsl-verizon.net [4.47.73.9])
            by tuttle.oit.pdx.edu (8.12.10/8.12.10) with SMTP id h9G2fMx8000787
            for <crime@private>; Wed, 15 Oct 2003 19:41:22 -0700 (PDT)
    
    Looks like 4.47.73.9 sent it.
    
    That netblock is owned by Genuity. Best of luck convincing them it is
    worth their time to track down a single Windows user who didn't care
    enough to buy an antivirus tool.
    
    -- 
    The Bill of Rights: 7 out of 10 rights haven't been sold yet! Contact
    your congressman for details how *you* can buy one today!
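
The header reading in the quoted reply, as an added example that is not part of either message: walk the Received lines newest first and stop at the first peer that is not one of the list's own relays, because every line older than that was supplied by the peer and can be forged. The trusted-relay set, the `origin_hop` name and the extra forged line are assumptions constructed for illustration.

```python
import re

# Received headers from the message above, newest first, as they appear in the mail.
RECEIVED = [
    """(from Majordomo@localhost)
        by rigel.cs.pdx.edu (8.12.10/8.12.3/Submit) id h9G2fZt3027348
        for crime-outgoing; Wed, 15 Oct 2003 19:41:35 -0700 (PDT)""",
    """from tuttle.oit.pdx.edu (tuttle.oit.pdx.edu [131.252.120.29])
        by rigel.cs.pdx.edu (8.12.10/8.12.10) with ESMTP id h9G2fOK1027326
        (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
        for <crime@private>; Wed, 15 Oct 2003 19:41:25 -0700 (PDT)""",
    """from localhost (evrtwa1-ar4-4-47-073-009.evrtwa1.dsl-verizon.net [4.47.73.9])
        by tuttle.oit.pdx.edu (8.12.10/8.12.10) with SMTP id h9G2fMx8000787
        for <crime@private>; Wed, 15 Oct 2003 19:41:22 -0700 (PDT)""",
]

# Constructed: a stamp a sender could have written into the message before submitting it.
FORGED = ("from mail.example.net (mail.example.net [192.0.2.1]) "
          "by relay.example.net with SMTP id x1")

# Assumption: the list operator treats this relay address as its own.
TRUSTED_RELAY_IPS = {"131.252.120.29"}

# sendmail-style stamp: from <HELO> (<reverse DNS> [<peer IP>]) by <receiving host>
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def origin_hop(received, trusted_ips):
    """Return the first hop (newest first) whose peer is not a trusted relay."""
    origin = None
    for raw in received:
        m = HOP.match(" ".join(raw.split()))  # unfold continuation lines
        if m is None:
            continue  # local submission stamp, no network peer recorded
        origin = m.groupdict()
        if origin["ip"] not in trusted_ips:
            break  # older stamps came from this peer; do not trust them
    return origin

if __name__ == "__main__":
    hop = origin_hop(RECEIVED + [FORGED], TRUSTED_RELAY_IPS)
    print(f"{hop['ip']} (HELO {hop['helo']}, rDNS {hop['rdns']}) seen by {hop['by']}")
```

The HELO value `localhost` is whatever the client chose to say; the bracketed address is the part the receiving relay recorded itself.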
    