|2nd April 2004, 19:48||#1023|
A man is walking down the Kalverstraat when he sees a rope hanging in front of him.
He looks to see where the rope comes from, but the rope simply disappears into the clouds... that high.
The man gets curious and climbs up.
He climbs and climbs and climbs and climbs... until he reaches the
Peter looks at the man in bewilderment. "What are you doing here? It is nowhere near your time yet!"
The man explains how he got there and asks: "Well, now that I'm here anyway... may I take a quick look around?"
Peter shrugs and says: "Why not, as long as you make sure you are back at 2 o'clock sharp. Then I take the rope away and there is no way back."
The man agrees and disappears into heaven. And it is beautiful there!
Lovely weather... lovely beaches... you name it.
And of course you have already guessed it, the man loses track of time.
At 3 o'clock panic strikes him and he sprints back, and sure enough... the rope is gone.
Peter sees the man and shrugs: "Sorry, I did warn you! There is no way back any more. Just go back into heaven."
The man starts begging to please be allowed to go back... his work on earth is not finished yet, etc....
Peter eventually relents.
"The only thing I can do for you is turn you into a spider.
Then you can spin a thread yourself and lower yourself down.
Once on earth you will automatically turn back into a human."
The man agrees, what else can he do.
And Peter turns him into a spider.
The man/spider lowers himself on his own thread and, damn it... 30 metres above the ground the spider silk runs out. The man is desperate.
"I can't just stay hanging like this, can I?" he thinks, and he squeezes out another length of spider silk... yes... another 5 metres further....
"No," the man thinks, "that's still too high for me!" and "mmmmmppppppffffff," he tries to squeeze out some more spider silk....
At that moment his wife wakes him up:
"JOS!!!!! WAKE UP.... YOU'RE SHITTING ALL OVER THE BED!"
|6th April 2004, 10:38||#1029|
Join Date: May 2002
Some of you who were on #linux on Friday will know part or most of this
story already as I witnessed some of it (while drinking a truly
delicious hot chocolate). For those of you who don't, the following is a
report written up by a friend of mine on his successful (or at least,
it's looking good) attempt to stop and catch a 419 scammer. I feel it's
worth the read.
-------- Original Message --------
Subject: I fought the scammer... and I won.
Date: Fri, 02 Apr 2004 21:54:30 +0100
From: Steffen Higel <Steffen.Higel at cs.tcd.ie>
To: John Allman <allmanj at houseofireland.com>,
paulinemccaffrey at eircom.net, stevecash at ireland.com,
tony.odonnel at cs.tcd.ie, declan.dagger at cs.tcd.ie,
edwin.higel at brookside.ie, marynstanley at eircom.net,
richard.bannister at cs.tcd.ie, oconnoat at tcd.ie, jean.higgins3 at mail.dcu.ie
[This is long, and is quite heavy on the technical discussion. Skip the
bits you don't understand. It gets interesting.]
I work for a busy Dublin Internet cafe, doing some sysadmining and
general computer maintenance. On Sunday the 28th of March, I got a
rather distressing email from a sysadmin in a large U.S. University.
Spamcop had blacklisted our server's external IP address. Abuse mail for
the server in question gets sent to my college account (bad practice, I
know, but it's a part time job). My college uses Spamcop as a blacklist
source. You can probably tell what happened...
Anyway, said email included the full headers of an email which was
natted by our server pretending to be from the widow of Mr. Jonas
Savimbi, offering the recipient a share of an unspecified large sum of
money. The usual panicked thoughts kick in... "Have I fiddled with
something which has left us as an open relay?", "Has our server been
cracked?", "Have I been sleep-spamming again?". A more reasoned
examination of the headers showed that the mail had originated from one
of the IP addresses that we assign dynamically to people who bring
laptops into the cafe. This is something of a nightmare for cafe
operators, we can hardly block outbound smtp but then again it isn't
possible for us to manually check every single mail either. Maybe rate
limiting is a valid technical solution. Or a contraption which hits the
user on the head for every mail they send. So if they send 1 an hour,
it's a mild nuisance. But if they send 100 a minute, it'll probably kill
A peek through the logs revealed:
Mar 26 15:04:16 server dhcpd-2.2.x: DHCPDISCOVER from 00:40:f4:5d:aa:f7
Mar 26 15:04:17 server dhcpd-2.2.x: DHCPOFFER on 192.168.1.70 to 00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:17 server dhcpd-2.2.x: DHCPREQUEST for 192.168.1.70 from 00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:17 server dhcpd-2.2.x: DHCPACK on 192.168.1.70 to 00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:20 server dhcpd-2.2.x: DHCPREQUEST for 192.168.1.70 from 00:40:f4:5d:aa:f7 via eth1
Mar 26 15:04:20 server dhcpd-2.2.x: DHCPACK on 192.168.1.70 to 00:40:f4:5d:aa:f7 via eth1
Bingo. I had something to work with. The network card is one based on a
Cameo 32bit chipset. Matches up quite nicely with these:
Return-Path: <mjsavimbi2000 at yahoo.co.uk>
Received: from 192.168.1.70 (server.XXXXXX [XXXXXXX.29])
byXXXXXXXXXXXXXXXXXX) with SMTP id i2QFrgi0002755
for <XXXXXXXXXXXXXX>; Fri, 26 Mar 2004 10:53:44 -0500 (EST)
Reply-To: "michelle savimbi" <mjsavimbi2000 at yahoo.co.uk>
From: "michelle savimbi" <mjsavimbi2000 at yahoo.co.uk>
Subject: urgent response
Date: Fri, 26 Mar 2004 15:53:26 +0000
X-Priority: 3 (Normal)
X-Mailer: Microsoft Outlook Express 6.00.2600.0000ams
X-MimeOLE: Produced by Microsoft MimeOLE V6.00.2800.1165
I asked around, and a man, described as being black (or is the word
African-American these days?), roughly 30, with an accent which seemed
half London and half African had been in the cafe with a laptop and had
a number of visitors call into his booth and had been there at the given
I hate spam more than I hate crackers. I hate spam more than I hate
virus writers. I wanted to catch this guy in the act and I wanted to see
him hauled off in a paddywagon. We contacted the police, who
unfortunately didn't seem willing to do anything about it unless we
caught someone in the act of doing something illegal. The daily staff in
the cafe were instructed to let me know if said individual turned up
again, though honestly, who could be that stupid? My hopes weren't high.
Evidently, a 419er is that stupid. The very next Friday (2nd of April
2004) he turned up again. I was on the bus at the time, just about to go
in for another day of world altering research. I ran down as fast as I
could and was told that he was on the second floor and hadn't plugged in
yet because he wanted one particular booth which is somewhat secluded
and was willing to wait.
I sat myself down at a computer in another room, started tailing the
daemon.log and waited for the telltale entries. I took a quick flick
through the tcpdump manpage, just to make sure I didn't screw up. 20
minutes later, it started to happen. He plugged in, and his Windows XP
laptop started to blabber away. WindowsUpdate, Netbios, passport logins.
Nothing much happened for a while. The odd DNS request here, the
GET /search.php?Keywords=male%20erection&p (I'm not messing!)
on 184.108.40.206, which seems to belong to some direct marketing whorehouse.
He logged into this as well: 220.127.116.11, which seems to be some sort
of mail harvesting database. The login is done over SSL, so I can't find
out more. If any militant anti-spam vigilantes want to get a good look
at how these people organize themselves, that's probably a good place to
Then, he spent a bit of time on http://www.emailspidereasy.com. Don't
you just love the fake google-textads? He logged into mail.com next,
using the email address kendoda at accountant.com. Whatever hash they use
for passwords was aaka7zxkcNo. Then, he logged into his yahoo mail
account. This was probably to check the account in which he
receives those mails. It looks like the rest happened over SSL.
Then it started. The screen started showing an awful lot of smtp traffic
heading out onto the net. I knew that I had to let it go, even if it
meant another 48 hours of being blacklisted. If it meant he could be
convicted of committing a crime, then I figured it was worth the price.
I hope those who received the mail also feel that way. (sorry)
Before I phoned my contact in the Gardai, I had to make sure that he was
actually sending out his vile wares. I scped the partial dumpfile onto
my laptop, and opened it up in ethereal. Guess what?
220 serverXXXXXXXXXX ESMTP Postfix
MAIL FROM:<mjsavimbi2000 at yahoo.co.uk>
354 End data with <CR><LF>.<CR><LF>
Reply-To: "michelle savimbi" <mjsavimbi200From: "michelle savimbi"
<mjsavimbi2000 at yaSubject: urgent response
Date: Fri, 2 Apr 2004 10:48:20 +0100
Content-Type: multipart/alternative; boundX-Priority: 3 (Normal)
X-Mailer: Microsoft Outlook Express 6.00.2X-MimeOLE: Produced by
Microsoft MimeOLE V
I would like to introduce myself to you [....]
[I've noticed that some characters are missing. This seems to be due to
our server not being able to keep up]
And on it went. To lots of people. 1178 of them. By that time, two
Gardai had called in and wanted to wait until he had sent as many as he
was going to. They seemed fairly convinced at that point that our friend
was engaged in something less than honest. These weren't computer
specialists, but they walked up, knocked on the window of the booth and
He asks them what the problem is and is told to step away from the
computer. He doesn't seem too happy about this, but does so. He's asked
his name and is told that he might like to come down for a chat in the
local station. He says his wallet and ID are in the booth, so he walks
in, rips a USB memory stick from the side of his laptop, tries to
swallow it and makes a run for it. Detective number 1 grabs and tries to
cuff him, detective 2 starts to do the same. A struggle ensues and goes
on for a full 10 minutes, basically trying to pin him on the floor and
then getting his arms behind so he can be handcuffed. Michelle agrees to
co-operate on numerous occasions and each time tries to run to the booth
to destroy whatever is on that machine.
Eventually, 2 more gardai arrive and he's cuffed and brought out, crying
like a little girl claiming police brutality (which is untrue, they
would probably never have even formally arrested him if he hadn't
attempted to run). Detective 1 was explaining to me how it's extremely
difficult to restrain someone without hurting them. They could have had
him subdued in about 10 seconds flat, but there have been instances in
the past where a few gardai in this country have caused quite a bit of
controversy with their liberal application of force. So this eyewitness
applauds the superb work done by these gardai in a very difficult
situation. 10 minutes of struggling with someone is pretty tough work.
So he's carted off in a car back to the local station, where he'll get
a cozy cell. Myself and detective 1 take a look at the equipment he
had... A "mentor" network card (based on the cameo chipset), a badly
chewed (but fairly undamaged looking) USB memory stick and a bulky
laptop running Windows XP. Open on the screen is MS Word with the exact
text of our beloved email and some bulk email program (the icon had a
yellow background with a black @ symbol). His phone is ringing in his
coat constantly. One of his many guests from his previous visit must
want to talk to him.
At one point, 3 guys who would appear to be of similar ethnic background
want to come into the room where Michelle was working. They are told we
are closed due to a technical problem. They were friendly and understood
the situation and departed quickly enough.
Some guys from the computer crime unit turn up, 3 of them. We have a
good chat about what evidence I have on the guy. We look through my tcp
trace, they seem happy enough with what's there. They ask if I managed
to sniff any other traffic, http and so forth. They're really hoping
that they can get his email password, so with appropriate judicial
permission (I assume) they can take a look at who has been mailing him.
Yahoo are apparently extremely uncooperative in this area. He seemed to
be using a mail.com address as well. Proof that he is intending on
scamming people out of money is what the gardai need. I'm not sure if
it's illegal to pretend to be someone you aren't and offer a stranger
money that you don't have. I'm guessing that with the tcpdump I gave
them, their technicians will be able to get something out of it. I'm
more interested in the contents of that USB stick.
So anyway, that's my tale. Michelle has been charged with assault (he
tore off detective 1's wrist watch) and is claiming that he can't speak
any English. Given the potential scale of the scamming operation,
detective 1 reckoned that they'd probably end up handing the evidence
over to interpol or whoever works in Quantico (that's the FBI, right?).
What have I learned? Firstly, digging up evidence on criminals is an
exciting activity. Secondly, if you're an absentee sysadmin for an
Internet cafe, transparently proxy as much traffic as you can. The logs
will prove useful if you are trying to track an abuser's traffic 24
hours after they have left. I was lucky in this respect, I was proxying
smtp and http to postfix and squid. The added headers in the mails make
things easier to track. Thirdly, there doesn't seem to be sufficient
clarity among those employed in law enforcement concerning the
legalities of spam. Hell, I don't know what the laws regarding this sort
of thing are. I just know it sucks. Finally, it's a bit out there, but
the gardai should forge closer links with the research community. Among
us, we have a whole lot of knowledge of just about every issue under the
sun. We're mostly idealists, and those ideals include a spam-free
Internet. And heck, we're cheap!
Hope that provided some amusement. Forward it on to anyone who is
interested. Really. I want to see it on the front page of slashdot and
el reg within a week. And yes it really happened.
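
The correlation the e-mail describes (private address in the Received header matched against the DHCP log to find the network card), as an added example that is not part of the original post. It assumes the log host's clock is UTC and that the caller supplies the year; two of the lease lines are constructed to show the same address passing between laptops on one day.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# DHCPACK lines in the syslog format shown in the post (no year in the stamp).
ACK_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd\S*: "
    r"DHCPACK on (\S+) to ([0-9a-f:]{17})")

def parse_acks(lines, year):
    """Time-sorted (time, ip, mac) for each DHCPACK line; other lines are skipped."""
    acks = []
    for line in lines:
        m = ACK_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            # Assumption: the log host's clock is UTC.
            acks.append((ts.replace(tzinfo=timezone.utc), m.group(2), m.group(3)))
    return sorted(acks)

def mac_for(acks, ip, when):
    """MAC most recently acknowledged for `ip` at or before `when`, else None."""
    holder = None
    for ts, ack_ip, mac in acks:
        if ack_ip == ip and ts <= when:
            holder = mac
    return holder

# The two 15:04 lines are from the post; the 09:12 and 17:30 lines are
# constructed sample data with made-up MAC addresses.
LOG = [
    "Mar 26 09:12:40 server dhcpd-2.2.x: DHCPACK on 192.168.1.70 to 00:11:22:33:44:55 via eth1",
    "Mar 26 15:04:17 server dhcpd-2.2.x: DHCPACK on 192.168.1.70 to 00:40:f4:5d:aa:f7 via eth1",
    "Mar 26 15:04:20 server dhcpd-2.2.x: DHCPACK on 192.168.1.70 to 00:40:f4:5d:aa:f7 via eth1",
    "Mar 26 17:30:02 server dhcpd-2.2.x: DHCPACK on 192.168.1.70 to 66:77:88:99:aa:bb via eth1",
]
ACKS = parse_acks(LOG, 2004)

# Timestamp written by the receiving server in the Received header. It is used
# in preference to the Date header, which the sending client sets itself.
RECEIVED = parsedate_to_datetime("Fri, 26 Mar 2004 10:53:44 -0500")

if __name__ == "__main__":
    print(mac_for(ACKS, "192.168.1.70", RECEIVED))
```

Lease expiry is not modelled, so the result is the last machine acknowledged on that address, which is only as good as the completeness of the DHCP log.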