Re: Wish list
- From: Newsbox <nospam_for_me_please@xxxxxxxxxxxxxx>
- Date: Thu, 01 Dec 2005 14:34:08 -0500
On Wed, 30 Nov 2005 19:07:55 -0600, Moe Trin wrote:
> On Wed, 30 Nov 2005, in the Usenet newsgroup comp.os.linux.security, in article
> <4qGdnRaAdahI_hDenZ2dnUVZ_sOdnZ2d@xxxxxxxxxx>, Newsbox wrote:
>
>>>> I would like to be able to parse my firewall listings of all the
>>>> unsolicited traffic I receive, and be able to easily determine just what
>>>> supposed or possible vulnerability some criminal creep was trying to find
>>>> or exploit when each was sent.
>
> Keep that last part in mind
>
Sure, ok, I got it grokked in...
>>>> I would then like to know exactly what trojan, virus, worm or other
>>>> malware on a zombie host would be sending those packets,
>
> windoze malware du jour
>
You are undoubtedly 100% correct. I was looking for a fairly easy, quick
and accurate way to get specific information. Your generalization is
at least fast and correct, I believe.
>>> how (if possible) to directly contact the host
>
> man whois but it's HIGHLY unlikely you'll contact the responsible party.
>
Thanks for the tip. I was actually already familiar with "whois", but
possibly not all readers were. And then there's the part about the low
contact success. It's sad, but "whois" really isn't much help in most
cases, as necessary a utility as it may be. You have given better tips in
the past.
>>>> how to exploit any such known vulnerability to stop the zombied host from
>>>> further attacking me and others.
>
> Get your dictionary out, and look up the word "vigilante", then contact your
> lawyer and see how you would be considered differently from the "criminal
> creep" you referred to above. Got any kids? Does the younger one saying
> that the older one started it (or vice versa) make any difference when you
> are disciplining them for doing something st00pid? Watch NFL football?
> Ever notice how often it's the idiot who retaliates who draws the flag, not
> the instigator?
>
Right! Agreed. I guess I left myself open for that blast. Please kindly
read my response to Greg Metcalfe's kind (first) message, (written
yesterday but only posted today) in which I hope my motives and intentions
are more clearly made. I tried there to be very carefully descriptive in
discussion of ethics and legality, but may not have done it clearly enough
yet. I don't break into houses and steal people's stuffs, and I don't
break into people's computers and steal their stuffs (or break them).

I accept responsibility for failing to properly express myself the first
time, and hold you blameless for moral indignation. You did seem to
manage to misunderstand what I did feel I wrote clearly, so I'm assigning
you a share equal to any of my own for any misunderstanding. I regret and
cannot accept responsibility for a society and "network mindset" in which
the only descriptive terms are highly pejorative like "exploit" and
"vulnerability". That does make it harder to write clearly.

In my opinion, when the only operative words available are "buzzwords",
then most of the thought process is excluded from the discussion by
default.

Get your dictionary out, and look up the word "love". That modern word
was once represented by at least four words: storge, philia, eros and
agape. The woman I "love" likes to use e-mail, go shopping on-line and
surf the web. She likes to use Microsoft Windows OS's, uses Windows at
work, and doesn't feel comfortable with my *nix systems. And I want her
to be happy. Period. I think you know where this is going, which is that
all of these random attacks are interfering with my peace of mind and
domestic tranquility, and cutting heavily into my free time. In short,
Sir Moe, I am motivated.
>>What for example are these:?
>>port 2 udp
>>port 1026 udp
>
> RFC0768 User Datagram Protocol. J. Postel. Aug-28-1980. (Format: TXT=5896
> bytes) (Also STD0006) (Status: STANDARD)
>
> Short and sweet - then do a little research on Messenger spam at google,
> and discover how the spammers are spoofing source IP addresses. Your
> counter-attack would probably be aimed at an innocent party, who might NOT
> be as foolish as you, and complain directly to your ISP.
>
I didn't do the research you ordered. "Fill out a form." I am already
somewhat familiar with the subject matter to which you refer. Your
presumption is (I take it) intentionally offensive. If your intention was
not to offend, you failed and I apologize for a curt (if correct)
answer. If you seriously want to talk about spoofing, start a new thread.
>>Sorry, but I don't think you got the "gist" of my request.
>
> We do.
You said earlier:
"> windoze malware du jour"
I think you (specifically _you_, as opposed to "you all") didn't. I see
from other replies that some _did_ get it. Is there more than one of you
here? Or maybe it's the Royal we. Or if you did get it then you simply
ignored it, glossed over it with a sweeping generalization, something like
that. You will probably never see the "devil in the details" if you only
think and write in generalizations.
> Your firewall is blocking this *** - IGNORE IT. You are not the
> mighty avenger who is going to clean up the world.
>
With all due and sincere respects and no hard feelings (plus continued
appreciation of much good help in the past), this does not show your best
qualities. You have no way of knowing that I have not already saved your
respected *** and the lives and futures of all your children and cousins
and sisters and aunts, more than once. For a little while at least. Don't
thank me, I didn't do it for you specifically. And you would be and are
welcome anyway. Best wishes.
> Old guy