Return-Path: <sentto-279987-4012-1007504673-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Tue, 04 Dec 2001 14:29:08 -0800 (PST) Received: (qmail 5716 invoked by uid 510); 4 Dec 2001 22:26:01 -0000 Received: from n23.groups.yahoo.com (216.115.96.73) by all.net with SMTP; 4 Dec 2001 22:26:01 -0000 X-eGroups-Return: sentto-279987-4012-1007504673-fc=all.net@returns.groups.yahoo.com Received: from [216.115.97.190] by n23.groups.yahoo.com with NNFMP; 04 Dec 2001 22:25:36 -0000 X-Sender: rob@robhughes.com X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_1_2); 4 Dec 2001 22:24:33 -0000 Received: (qmail 20101 invoked from network); 4 Dec 2001 20:49:56 -0000 Received: from unknown (216.115.97.171) by m4.grp.snv.yahoo.com with QMQP; 4 Dec 2001 20:49:56 -0000 Received: from unknown (HELO ns2.robhughes.com) (12.237.138.77) by mta3.grp.snv.yahoo.com with SMTP; 4 Dec 2001 20:49:56 -0000 Received: (qmail 31326 invoked from network); 4 Dec 2001 20:49:58 -0000 Received: from hexch01.robhughes.com (192.168.1.3) by ns2.robhughes.com with SMTP; 4 Dec 2001 20:49:58 -0000 Message-ID: <B95B566BD245174196CA4EE29E5818830D6048@HEXCH01.robhughes.com> content-class: urn:content-classes:message X-MimeOLE: Produced By Microsoft Exchange V6.0.4712.0 X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [iwar] New worm spreading, @home coming back, etc. Thread-Index: AcF8+ho7CUkn+yVmRDiYMtA0UM6iJgACNsog To: "Information Warfare Mailing List" <iwar@yahoogroups.com> From: "Robert D. Hughes" <rob@robhughes.com> X-Yahoo-Profile: pimpothemonkey Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Tue, 4 Dec 2001 14:49:54 -0600 Subject: RE: [iwar] New worm spreading, @home coming back, etc. Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Point one goes without saying. This is where the whole "cyber-terrorist" comes from, and these mis-guided individuals, while not yet having cost lives, are certainly a problem. Point two I got to experience personally. That it was painful and inconvenient is an understatement. However, the new AUP is quite vague on many areas. Bear with me while I quote a few sections: (c.) Authorization. AT&T Broadband does not claim any ownership of any material that Customer publishes, transmits or distributes using the Service. By using the Service to publish, transmit or distribute material or content, Customer (i) is warranting that the material or content complies with the provisions of this Agreement, (ii) is authorizing AT&T Broadband, its agents and affiliates to reproduce, publish, distribute, and display such content worldwide and (iii) is warranting that Customer has the right to provide such authorization. Customer acknowledges that material posted or transmitted using the Service may be copied, republished or distributed by third parties, and Customer agrees to indemnify, defend and hold harmless AT&T Broadband, its agents and affiliates for any harm resulting from such actions. This seems to refute the rumor that ATT is claiming ownership on material/content passing through their system. (f.) IP Addresses. AT&T Broadband will provide Customer with dynamic IP connection(s) as a component of the Service. Customer will not alter, modify, or tamper with such dynamic IP connection(s) or those of any other customer. Customer agrees not to use a dynamic DNS to associate a host name with such dynamic IP connection(s) for any commercial purpose. Customer also agrees not to use any software on or in conjunction with any computer(s) or network device connected to the Service that provides for static IP connections. If applicable, AT&T Broadband will take back the dynamic IP connection(s) upon disconnection, discontinuance, or termination of the Service or this Agreement. This is really interesting. They say you can't use a dynamic dns for commercial purposes, but nothing about just running your own dns service. The bit about "static IP connections" also is rather vague. (i.) FTP/HTTP Service Setup. Customer acknowledges that when using the Service there are certain applications such as FTP (File Transfer Protocol) server or HTTP (Hyper Text Transfer Protocol) server which may be used by other persons or entities to allow such other persons or entities to gain access to Customer's Equipment. Customer is solely responsible for the security of the Customer Equipment or any other equipment Customer chooses to use in connection with the Service, including without limitation any data stored on such equipment. Neither AT&T Broadband nor its affiliates shall have any liability whatsoever for any claims, losses, actions, damages, suits or proceedings resulting from, arising out of or otherwise relating to the use of such applications by Customer, or the access by others to the Customer Equipment or other equipment of Customer. This section seems to indicate that you can run a server, but you're on your own if you do. On point three, of course any virus/worm just scanning IPs won't be affected. However, if evidence was shown that these virus/worm entities were getting into places they shouldn't have had a route to, it would be a most interesting discussion. On point four, yes, isn't it? I have a number of scans from when I was doing some trouble shooting. I couldn't believe what I was seeing. It seems to be fixed now as all I see is my traffic and broadcasts. We'll see what happens when people return home and the network gets busy again. On point five, is there ever not one doing more or less that any more? On point six, well, its Wednesday now. Rob - -----Original Message----- From: Fred Cohen [mailto:fc@all.net] Sent: Tuesday, December 04, 2001 1:32 PM To: Information Warfare Mailing List Subject: [iwar] New worm spreading, @home coming back, etc. It is a very interesting week, and I thought I would comment on it. I'll be brief, but I am interested in other views. 1) There is a war on and many participants are seeking to attack information infrastructures for things ranging from public relations to critical infrastructure attacks. 2) 4.1 Million people were summarily kicked off the Internet and are slowly being put back on under increased restrictions on use - including that AT&T owns copy and distribution rights to all content passing out from their network - including not having 'services' on computers in their network - including knowing how many individuals are users and charging per individual. The current cable performance is far higher than before - probably because of very light loads. Many have moved to other services - I have always had redundancy and used it well - but others who have to chose have now opted out of @home. 3) The only things that were happening in the @home network while the service was down but the modems were still turned on was that viruses were continuing to spread - yes the viruses persisted without routing or DNS or anything else - finding their way to any IP address they coud reach. 4) As the @home network came back up, it revealed many many UIDs and passwords because the modems were not brought up in a restricted enough operating mode. For those who recorded the traffic, it is a goldmine. 5) A new and destructive virus is said to be spreading rapidly in the Internet. 6) It's only Tuesday. FC - --This communication is confidential to the parties it is intended to serve-- Fred Cohen Fred Cohen & Associates.........tel/fax:925-454-0171 fc@all.net The University of New Haven.....http://www.unhca.com/ http://all.net/ Sandia National Laboratories....tel:925-294-2087 - ------------------------ Yahoo! Groups Sponsor - ---------------------~--> See What You've Been Missing! Amazing Wireless Video Camera. Click here http://us.click.yahoo.com/75YKVC/7.PDAA/ySSFAA/kgFolB/TM - ---------------------------------------------------------------------~ - -> - ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPA028ua2P6TrxG1EEQJi1ACeJj9GmuGjhQrEbW2+DJQ0B1C0e80An2NP rM1Xx+ITcYy9tvi817AcZIr8 =rsfH -----END PGP SIGNATURE----- [Non-text portions of this message have been removed] ------------------------ Yahoo! Groups Sponsor ---------------------~--> See What You've Been Missing! Amazing Wireless Video Camera. Click here http://us.click.yahoo.com/75YKVC/7.PDAA/ySSFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 21:00:00 PST