Re: XP SP2 Firewall security breach

From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 11/14/04


Date: Sun, 14 Nov 2004 10:57:54 -0600

In article <t4-dnSdC8eYcpQvcRVn-vg@mersinet.co.uk>,
"John Anderson" <j89anderson@hotmail.com> wrote:

>Came across this today, can't believe what I'm reading, but it seems
>microsoft have put in a backdoor to the XP SP2 Firewall!

Hmmm... "Golly gee" type announcement of yet another microsoft fiasco,
with NO reference to a credible source, separately posted to (at least)
alt.security, alt.os.security, and alt.computer.security.

>check out this link to secure yourself...

Invitation to an unknown site - again, NO information, but promise of
some magic "fix".

>http://www.cebrasoft.com/FWMonitor

[compton ~]$ host www.cebrasoft.com
www.cebrasoft.com is a nickname for iis1.linix.net
iis1.linix.net has address 217.14.176.202
[compton ~]$

>NNTP-Posting-Host: 217.14.181.80
>From: "John Anderson" <j89anderson@hotmail.com>

[compton ~]$ host 217.14.181.80
80.181.14.217.IN-ADDR.ARPA domain name pointer 217-14-181-80.as2582.net
[compton ~]$ host 217-14-181-80.as2582.net
Host not found.
[compton ~]$ domain.check as2582.net
No match for "AS2582.NET"
[compton ~]$ domain.check -as 217.14.181.80
route: 217.14.176.0/20
descr: Linix
origin: AS25582
source: RIPE
[compton ~]$

I'd trust microsoft before I'd trust a spammer hyping his own site with a
hotmail address, from a host with a false name.

KIDS! THIS IS HOW YOU GET VIRUSES / TROJANS / SPYWARE INSTALLED ON YOUR
SYSTEMS. It's also how your email address may get added to some spam list.

Sorry, mister spammer - I've got better things to do. You may want to
talk to the incompetent klowns at mersinet.co.uk, and tell them that they
fucked up the DNS record - it's as25582.net, not as2582.net - but neither
agrees with the RIPE address assignments, so that pretty well identifies
them as blackhats or fools - you figure which. Not that it really matters,
as neither should be allowed to connect to anyone's computer, much less
install this magic fix.
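
Added example, not part of the original post: the two checks run by hand above (does the PTR name of the NNTP-Posting-Host resolve back to the same address, and do the posting host and the advertised site sit in the same routed prefix), written as a small Python script. The lookup tables are constructed from the host/whois output quoted in the post so the script runs offline; the function names are this example's own.

```python
import ipaddress
import socket

# Constructed lookup tables mirroring the host/whois output quoted in the post.
PTR = {"217.14.181.80": ["217-14-181-80.as2582.net"]}  # address -> PTR names
A = {"www.cebrasoft.com": ["217.14.176.202"]}          # name -> addresses
ROUTE = "217.14.176.0/20"                              # RIPE route, origin AS25582


def fcrdns(ip, reverse, forward):
    """Forward-confirmed reverse DNS: a PTR name must resolve back to ip."""
    names = reverse(ip)
    if not names:
        return "no-ptr", []
    confirmed = [n for n in names if ip in forward(n)]
    return ("confirmed" if confirmed else "unconfirmed"), names


def same_route(route, *addresses):
    """True when every address falls inside the routed prefix."""
    net = ipaddress.ip_network(route)
    return all(ipaddress.ip_address(a) in net for a in addresses)


def live_reverse(ip):
    """Live PTR lookup via the system resolver (not used by the offline demo)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []


def live_forward(name):
    """Live forward lookup via the system resolver."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []


def check_post(posting_host, site):
    """Run both checks for an NNTP-Posting-Host and the site the post promotes."""
    status, names = fcrdns(posting_host,
                           lambda i: PTR.get(i, []), lambda n: A.get(n, []))
    site_ips = A.get(site, [])
    return {"ptr_status": status, "ptr_names": names,
            "shared_route": bool(site_ips) and same_route(ROUTE, posting_host, *site_ips)}


if __name__ == "__main__":
    print(check_post("217.14.181.80", "www.cebrasoft.com"))
```

Passing live_reverse and live_forward to fcrdns in place of the table lookups runs the same check against the system resolver.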