More ALL.NET spew, hit D now if you don't care. A user of system, or something triggered the initial email to our postmaster account here at DHP. I replied with a rewording of the message, as seen below. This resulted in Fred Cohen deciding that I was part a huge consipiracy to invade his computer system and decided that CERT needed to get in on the mailings. Based on the services available via ALL.NET's web page, I find this quite funny, so I replied to both CERT and his provider, PSI. Please be sure to check out the provided URL's available at ALL.NET. My included response to CERT and , including all previous email in quoted form. -Matt (panzer@dhp.com) DI-1-9026 "That which can never be enforced should not be prohibited." -----------------------------------------Cut Here or hit D Now-------------
From panzer@dhp.comWed Mar 13 11:50:26 1996 Date: Mon, 11 Mar 1996 02:35:24 -0500 (EST) From: Matt 'Panzer Boy' <panzer@dhp.com> To: cert@cert.org, postmaster@psi.net Cc: postmaster@all.net, admin@dhp.com Subject: Re: Attempted-entry-in.telnetd-by-unknown@dhp.com (fwd)
This administrator at all.net (I assume the whois information is true) is making unwarrented threats and accusations. These threats and warnings coming from a site that offers to do port scans on any host via a web interface is quite absurd. References: "http://all.net/tests/testsuite.html" For a description of what they do "http://all.net/tests/one-time-test.html" To actually try it out -Matt (panzer@dhp.com) DI-1-9026 ---------- Forwarded message ---------- Date: Sat, 9 Mar 1996 16:16:33 -0500 (EST) From: Fred Cohen <fc@all.net> To: cert@cert.org Cc: panzer@dhp.com Subject: Re: Attempted-entry-in.telnetd-by-unknown@dhp.com (fwd) The systems administrator at the following site is apparently a party to the attmpted entry to our site reported below. What is the procedure for contacting federal authorities to investigate attempted breakins to Federal Interest Computers? Forwarded message:
From admin@dhp.com Sat Mar 9 16:11:03 1996 Date: Sat, 9 Mar 1996 16:11:57 -0500 (EST) From: DHP Administrator <admin@dhp.com> To: root <root@all.net> Subject: Re: Attempted-entry-in.telnetd-by-unknown@dhp.com In-Reply-To: <9603090948.AA25300@all.net> Message-Id: <Pine.LNX.3.91.960309155116.9846A-100000@dhp.com> Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII
On Sat, 9 Mar 1996, root wrote:
A user at your site has just attempted to telnet into our site without proper authorization. We consider this inappropriate behavior and would like an explanation of this action as soon as possible.
This message is generated automatically at the time of the attempted entry and is sent to our administrators and the postmaster at the machine making the attempt. We have included any information provided by your ident daemon (if in use) on the subject line of this message. We also do a reverse finger for future reference.
Fred Cohen - fc@all.net - tel:US+216-686-0090
A user at your site has just attempted to finger into our site without proper authorization. We consider this inappropriate behavior and would like an explanation of this action as soon as possible.
Please refrain from such a waste of bandwidth in the future. Setting alarms off with a telnet is both stupid, and most likely to get people in trouble for no proper reason.
-Matt (panzer@dhp.com)
-> See: Info-Sec Heaven at URL http://all.net/ Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236 -- -Matt (panzer@dhp.com) DI-1-9026 "That which can never be enforced should not be prohibited."