From: scheidell@fdma.com (Michael S. Scheidell)
Newsgroups: news.admin.net-abuse.misc
Subject: location of crusader proved!!
Date: 2 Oct 1995 16:18:26 -0400
Message-ID: <44phei$m4a@fdma.fdma.com>

OK, I've got the proof of where the crusader email spam AND the forged cancels came from. (thank you danhiel at uunet.....)

BOTH CAME FROM asso.nis.garr.it.

No matter WHAT they say. No matter if they deny it. If they DIDN'T DO IT then their root is compromised.

I have copies of the uunet news log with THEIR site as originator of the spam cancels. I have a copy of our tcp_wrapper log, proving the origin of one copy of the crusader email spam.

HERE IS UUNET'S LOG OF CANCEL FORGERIES.... notice the ip address 192.12.192.10 (uunet doesn't have time for reverse lookup) but, here is nslookup:

Default Server: localhost
Address: 127.0.0.1

> 192.12.192.10
Server: localhost
Address: 127.0.0.1

Name: asso.nis.garr.it
Address: 192.12.192.10

>

guess what.. These bastards have denied having anything to do with this. But, this AND the tcp_wrapper log on OUR sendmail showing and VERIFYING their site as the originator, of not only the crusader email spam, BUT also of the forged cancels.

I think these people need to be taken off the air NOW.

(email address at uunet XXXed out at sender's request)

Forwarded message:
> From XXXXXXX@uunet.uu.net Mon Oct 2 14:42:28 1995
> Resent-Date: Mon, 2 Oct 1995 14:43:32 -0400
> Resent-From: XXXXX@uunet.uu.net (Danhiel Baker)
> Resent-Message-Id: <QQzjte20983.199510021938@odin.UU.NET>
> From: XXXXX@uunet.uu.net (Danhiel Baker)
> Date: Mon, 2 Oct 1995 14:43:31 -0400
> Message-Id: <OAA27395.199510021843@news-in2.UU.NET>
> To: XXXXXX@uunet.uu.net
> Subject: It. Forgeries
> Sender: XXXXX@uunet.uu.net
> Resent-To: scheidell@fdma.com
>
> Sep 29 18:18:54.073 - 192.12.192.10 <cancel.44gtlu$pn0@fdma.fdma.com> 437 Whitespace in "Newsgroups" header -- "news.admin.net-abuse.misc "
> Sep 29 18:20:26.264 + 192.12.192.10 <cancel.44gtlu$pn0@fdma.fdma.com> (control/cancel/240080) uu!net
> Sep 29 18:23:06.848 - 192.12.192.10 <cancel.44h7fg$blf@agate.berkeley.edu> 437 Whitespace in "Newsgroups" header -- "news.admin.net-abuse.misc "
> Sep 29 18:23:58.242 + 192.12.192.10 <cancel.44h7fg$blf@agate.berkeley.edu> (control/cancel/240084) uu!net pipex
> Sep 29 18:25:18.090 + 192.12.192.10 <cancel.44hi7v$c1@bcarh8ab.bnr.ca> (control/cancel/240089) uu!net pipex
> Sep 29 18:28:07.075 + 192.12.192.10 <cancel.44hhgp$6sb@nimitz.fibr.net> (control/cancel/240097) uu!net pipex
> Sep 29 18:28:51.274 + 192.12.192.10 <cancel.DFoGKp.Hr6@midway.uchicago.edu> (control/cancel/240098) uu!net pipex
> Sep 29 18:29:52.028 + 192.12.192.10 <cancel.44g6pr$53d@mark.ucdavis.edu> (control/cancel/240099) uu!net pipex
> Sep 29 18:31:09.710 + 192.12.192.10 <cancel.44gl4f$b0h@clarknet.clark.net> (control/cancel/240103) uu!net pipex
> Sep 29 18:33:14.367 + 192.12.192.10 <cancel.44go5u$ida@sundog.tiac.net> (control/cancel/240105) uu!net pipex news.sprintlink.net
> Sep 29 18:35:34.964 + 192.12.192.10 <cancel.44gqui$p59@clarknet.clark.net> (control/cancel/240112) uu!net pipex
> Sep 29 18:38:59.511 + 192.12.192.10 <cancel.jas-2909951043370001@async4.groupz.net> (control/cancel/240116) uu!net pipex
> Sep 29 18:39:33.814 + 192.12.192.10 <cancel.44h7pa$n40@universe.digex.net> (control/cancel/240117) uu!net pipex
> Sep 29 18:40:16.478 + 192.12.192.10 <cancel.44h94f$860_003@slc39.xmission.com> (control/cancel/240119) uu!net news.sprintlink.net
> Sep 29 18:41:19.889 + 192.12.192.10 <cancel.44he1m$9pl@geraldo.cc.utexas.edu> (control/cancel/240127) uu!net pipex
> Sep 29 18:41:55.407 + 192.12.192.10 <cancel.44grl3$g5o@vixen.cso.uiuc.edu> (control/cancel/240129) uu!net pipex
> Sep 29 21:15:15.000 + 192.12.192.10 <cancel.Pine.SOL.3.91.950930080955.29926A-100000@lawson.its.utas.edu.au> (control/cancel/240519) uu!net pipex news.sprintlink.net
> Sep 29 21:17:41.438 + 192.12.192.10 <cancel.44httc$me7@shellx.best.com> (control/cancel/240526) uu!net
> Sep 29 23:04:23.080 + 192.12.192.10 <cancel.44ib0s$p7e@sadie.digex.net> (control/cancel/240736) uu!net pipex
> Sep 29 23:05:55.217 + 192.12.192.10 <cancel.44i92p$3qp@segfault.monkeys.com> (control/cancel/240740) uu!net pipex
> Sep 29 23:09:17.792 + 192.12.192.10 <cancel.irons-2909952014560001@dak176-85.hampshire.edu> (control/cancel/240746) uu!net pipex
> Sep 29 23:10:37.425 + 192.12.192.10 <cancel.44hqkq$suo@falcon.ccs.uwo.ca> (control/cancel/240747) uu!net pipex
> Sep 29 23:11:20.255 + 192.12.192.10 <cancel.44i78a$3fn@segfault.monkeys.com> (control/cancel/240748) uu!net pipex
> Sep 30 04:39:41.501 + 192.12.192.10 <cancel.44if6c$t7t@panix.com> (control/cancel/241299) uu!net pipex news.sprintlink.net
> Sep 30 04:43:16.218 + 192.12.192.10 <cancel.rnewman-2909952206130001@dial1-30.cybercom.net> (control/cancel/241302) uu!net pipex
> Sep 30 04:50:04.973 + 192.12.192.10 <cancel.44if8j$80k@wilma.widomaker.com> (control/cancel/241325) uu!net pipex
>
>

--
Michael S. Scheidell Florida Datamation, Inc.
<mailto:scheidell@fdma.com> <http://www.fdma.com/>
Distributors of QNX Real Time OS (407) 241-2966
Definition of an Upgrade: Take old bugs out, put new ones in.
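
Added example, not part of the original post or of any UUNET tooling: a small Python triage script that reads news-log lines in the layout quoted above, groups the cancel entries by the feeding host in each line, and flags a host that submits cancels for articles from several different sites. The function names, the `min_sites` threshold and the sample lines (RFC 5737 addresses, example domains) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the layout of the log quoted above (not real data).
SAMPLE_LOG = """\
Sep 29 18:18:54.073 - 192.0.2.10 <cancel.aaa1$1@news.example.com> 437 Whitespace in "Newsgroups" header -- "misc.test "
Sep 29 18:20:26.264 + 192.0.2.10 <cancel.aaa1$1@news.example.com> (control/cancel/100) peer1
Sep 29 18:23:58.242 + 192.0.2.10 <cancel.bbb2$2@host.example.org> (control/cancel/101) peer1 peer2
Sep 29 18:25:18.090 + 192.0.2.10 <cancel.ccc3$3@site.example.net> (control/cancel/102) peer1 peer2
Sep 29 18:30:00.000 + 198.51.100.7 <ddd4$4@news.example.com> (misc/test/5000) peer1
Sep 29 18:31:00.000 + 198.51.100.7 <cancel.ddd4$4@news.example.com> (control/cancel/103) peer1
"""

# timestamp, status flag (+ accepted / - rejected), feeding host, Message-ID, remainder
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d+) (?P<status>[+-]) "
    r"(?P<feeder>\S+) <(?P<msgid>[^>]+)>\s*(?P<rest>.*)$"
)


def summarize_cancels(log_text):
    """Return {feeder: {"accepted": n, "rejected": n, "targets": {site, ...}}}."""
    stats = defaultdict(lambda: {"accepted": 0, "rejected": 0, "targets": set()})
    for raw in log_text.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate "> " quoting from a forwarded mail
        m = LINE_RE.match(line)
        if not m or not m["msgid"].startswith("cancel."):
            continue  # not a log line, or not a cancel control message
        entry = stats[m["feeder"]]
        entry["accepted" if m["status"] == "+" else "rejected"] += 1
        # cancel.<id>@<site>: the site part names where the cancelled article came from
        entry["targets"].add(m["msgid"].rsplit("@", 1)[-1].lower())
    return dict(stats)


def suspicious_feeders(log_text, min_sites=3):
    """Feeders whose cancels target articles from at least min_sites sites."""
    summary = summarize_cancels(log_text)
    return sorted(f for f, s in summary.items() if len(s["targets"]) >= min_sites)


if __name__ == "__main__":
    for feeder, s in summarize_cancels(SAMPLE_LOG).items():
        print(feeder, s["accepted"], s["rejected"], sorted(s["targets"]))
    print("flagged:", suspicious_feeders(SAMPLE_LOG))
```

The feeder field is the host that offered the article to the logging server, so a flagged address is a lead to correlate with a second, independent log, as the post does with its tcp_wrapper log.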