Re: strange SMTP traffic from Korea
From: sponge (yosponge_at_yahoo.com)
Date: 12/07/03
- Previous message: Mike: "Re: PGP and self-extracting files"
- Maybe in reply to: Barry Margolin: "Re: strange SMTP traffic from Korea"
Date: 7 Dec 2003 02:29:56 -0800
jayjwa <jayjwa@hotspam.microsoftsux.suk> wrote in message news:<vsisv2qhv7p725@corp.supernews.com>...
> Damian Menscher wrote:
> > I tried posting this to the incidents list a few weeks ago, but the
> > moderator didn't find it worthy. Our local security people don't
> > speak Korean, so they say there's nothing they can do. So, I'm
> > asking for help here:
> >
> > Since Oct 13 we've been seeing some rather unusual traffic from
> > various IPs in Korea (list below). It was leaving logs like the
> > following:
>
> Funny you mention this... What's up with that country? I banned Korea
> a long time ago from my MTA, but they are always trying to connect to
> someplace to try something. I just had one about 20 min. ago. I had him
> mapped out before he disconnected - a Windoze machine with a ton of
> services on it, including a sql server set to its default install. I
> hid behind a proxy and then checked out its http, and it was of course
> all in Korean, but I made out some kinda login, one on the left, and one
> on the right. They were running Apache 1x, but this wasn't basic auth,
> it was something they cooked up themselves. I've never seen a more
> insecure computer before, so that got me to thinking, maybe all this
> crap we see from them is really due to compromised systems? e.g., they
> get owned hard then Oh, Look! now it appears that Korea is playing
> monkey tag with your mail server...
>
> The authorities don't speak the language, so they ain't gonna do
> anything? Great, then I hope they are just as dumbfounded going the
> other way too, does this mean I get to brute-force that login screen,
> because maybe the authorities don't speak the language? Bhaaa...
A lot of them are hacked, I've found, backed up by replies from the
policy enforcement departments of a few Asian ISPs that spammers had
hacked many of their customers. But hacked or not, those machines are
causing serious problems for the rest of us.
Sponge
Sponge's Secure Solutions
www.geocities.com/yosponge
My new email: yosponge2 att yahoo dott com