不正アクセス解析スレ

From:Approved< [email protected] >
Reply-To:Approved< [email protected] >
To: [email protected] [email protected]
Subject:A CreditCardIsWaitingForYou! llCreditTypesWelcome!
Received:from [64.32.34.150] by hispeedmedia.com with ESMTP id **
Received:(qmail invoked by uid 6)
From [email protected]
This email was sent to you by, Hi-Speed Media Inc.,
a marketing partner of First PREMIER Bank, not from the Bank itself.
Please direct all concerns about this email or your inclusion on this list
to our email address listed above.
To unsubscribe from the Hi-Speed Media mailing list, please
enter your e-mail address above and click "REMOVE" or
click here.

To unsubscribe from the Offer888.com list,
visit http://opt-out.offer888.net/[email protected]
http://opt-out.offer888.net/[email protected]
http://opt-out.offer888.net/[email protected]
http://opt-out.offer888.net/?e=
* To remove yourself from this mailing list, point your browser to:
http://i.mb00.net/remove?funnymoney
* Enter your email address ( [email protected] ) in the field
provided and click "Unsubscribe". The mailing list ID is "funnymoney".
hsmspecials.com (pri=0)
接続に失敗：ネットワークが混雑しているか、サーバが停止している可能性があります。
speeddeals.com (pri=0)
接続に失敗：ネットワークが混雑しているか、サーバが停止している可能性があります。

>>213
お前何回もうざい。

＞＞212
うーん、そーいうときは、何すればよいでしょう？（初心者版で聞くべき？スマソン）

>>215
無視したらどうっしょ。
villi感染→Ping打ちまくりって、何だか変な話なんだけど。

精神的ブラクラ踏んで、脱力中。

馬鹿どもの隔離スレはこちらですか？

日付: 2002/05/17 時刻: 22:55:58
ｱﾄﾞﾚｽ 211.191.238.190 からの不正侵入の試みを規則 NetBus ﾄﾛｲの木馬のﾃﾞﾌｫﾙﾄ遮断
によって検出しました｡
以降のｱｸｾｽを 30 分間遮断しました｡

しつこいよ。。。マジで。。。

>>217 おまい失礼だぞ

63.51.99.142

[email protected] 通称「真由子」てめーしつけーぞ!!
http://117114.com/?kg　ここ有名なスパムサイトなので皆さん
絶対にアクセスしないで下さい

>>201

おお!!

とてもよくわかりました。目から鱗が落ちた気がします。
exploitとかでなく単純にWorld writableなanon-ftpサイトを
探していたのですね。

マクロ的に言えばある意味Warezな人たちにとってINTERNETが
超巨大なストレージになっているということだと思いますが、ミクロ的には
実害は余りないので、手の打ちようのない現実なのだと思いました。

感謝、感謝です。

203.83.71.232

香港からのお客さん。
やっぱ、中国系は日本嫌いが多いのかな？

217.185.74.189

このひとさっきから３０回以上来るんですけど。
なんか恨みでもあるのかなあ？
ノートンが回線を３０分遮断してもそのあと懲りずに何度も来る。ちょっと調べたらヨーロッパからのお客さんってことだけはわかった。

>>214
うざい
うざい
うざい
うざい
うざい
うざい
うざい
うざい
うざい
うざい
うざい
うざい

>>225
うさぎ
うさぎ
うさぎ
うさぎ
うさぎ
うさぎ
うさぎ
うさぎ
うさぎ

HTTP経由でIRCに接続しようとしたアホ

62.211.221.36 - - [18/May/2002:06:24:15 +0900] "CONNECT 192.244.23.2:6667 HTTP/1.0"
200 7582

80にたくさんコマンド投げられた。
けど、生ＩＰ出てるし、踏み台？
38.pool2.dslosaka.att.ne.jp

>>228
# nmap (V. 2.54BETA34) scan initiated Sat May 18 10:52:35 2002 as: nmap -v -sS -P0 -F -O -o test.txt 38.pool2.dslosaka.att.ne.jp
Interesting ports on 38.pool2.dslosaka.att.ne.jp (165.76.141.38):
(The 1093 ports scanned but not shown below are in state: closed)
Port State Service
25/tcp open smtp
80/tcp open http
135/tcp open loc-srv
139/tcp open netbios-ssn
443/tcp open https
1025/tcp open listen
1026/tcp open nterm
6666/tcp open irc-serv
7007/tcp open afs3-bos
Remote OS guesses: Windows Millennium Edition (Me), Win 2000, or WinXP, MS Windows2000 Professional RC1/W2K Advance Server Beta3
TCP Sequence Prediction: Class=random positive increments
Difficulty=101669 (Good luck!)
IPID Sequence Generation: Busy server or unknown class

# Nmap run completed at Sat May 18 10:52:41 2002 -- 1 IP address (1 host up) scanned in 6 seconds

おうおう　>>第三者中継可能!!!!!!!!!!!!!! 　よ、

>>229 でおまえの好きなポート開いてるぞ、バカのひとつ覚えで調べればい
いじゃん　結果報告すれや

攻撃内容ってどうやって調べるんですか？
あと"LiveUpDateを見たら...."とは？？？

>>227
(ﾟДﾟ)ﾊｧ?

>>230よ、
>>229 でおまえの好きなポート開いてるぞ、バカのひとつ覚えで調べればい
いじゃん　結果報告すれや

From:"APA"< [email protected] >
Reply-To: [email protected]
To: [email protected] [email protected]
[email protected]
Subject:You're alreadyApproved
Received:froml3.3web45.com([66.185.166.27]) by *.com
with Microsoft SMTPSVC(5.0.2195.4905)
Received:(qmailinvoked by uid 7)
Message-ID:< [email protected] >
Return-Path: [email protected]
ClickforMail never sends unsolicited email. You have received this message because you
registered with ClickforMail OR one of our carefully selected marketing partners.
If you no longer wish to receive these offers, please follow the instructions
at the bottom of this message.
Do You Meet These Criteria?
Live in the United States?
Have a Social Security Number?
18 Years of Age or Older?
Have a Valid Checking or Savings Account?
Have Valid Job or other Income of at Least $750.00/month?
Have a Home Phone Number?
No Pending Bankruptcy?
No current delinquencies in past 60 days?
If you answered YES to all of these simple questions we GUARANTEE
that you will receive a credit card with up to a $5000 credit limit.

If you would no longer like to receive e-mail from us you can unsubscribe CLICK HERE:
The preceding message was sent to you as an opt-in subscriber to ClickforMail.
If you wish to unsubscribe please follow this link:
http://remove.3web45.com/[email protected]

>>228
たぶんNimda
1回の行動で10数回のリクエストが来る

第三者中継可能？　スパムより判明
l3.3web45.com
Relay test 6
>RSET
<250 flushed
>MAIL FROM:<[email protected]>
<250 ok
>RCPT TO:<relaytest%[email protected]>
<250 ok

To unsubscribe from the Offer888.com list,
visit http://opt-out.offer888.net/[email protected]
http://opt-out.offer888.net/[email protected]
http://opt-out.offer888.net/[email protected]
http://opt-out.offer888.net/[email protected]
http://opt-out.offer888.net/[email protected]
http://opt-out.offer888.net/[email protected]
* To remove yourself from this mailing list, point your browser to:
http://i.mb00.net/remove?funnymoney
* Enter your email address ( [email protected] ) in the field
provided and click "Unsubscribe". The mailing list ID is "funnymoney".

UDP port probe, 210.150.14.100, 419
[スキャン] 攻撃者は、特定のポートがリモートアクセスに使用
できるかどうかを調べようとしています。

218.27.88.169
中国からかましてきた。

Telnetで接続したら接続できるんでやんの・・・

>>238 FTPもいける

■[真由子]
[ここで待ってます]
ttp://117114.com/?kg早く来てね！
※これを餌にしてのスパム誘導、で踏み台になっているのが
218.224.37.227　

62.194.104.158:2353

TCP Port 3128て何があるんでしょうか？

From:E-MailSavings< [email protected] >
To: [email protected] [email protected]
[email protected] [email protected]
Subject:SALE->VideoSurveillance,UNDER$50BUCKS!
Received:from[216.34.75.50]by l3.3web45.com with ESMTP id **
Received:(qmailinvokedfrom6)
Received:from mail.link2buy.com (216.34.74.50) by 10.3.220.33 with SMTP From [email protected]
Message-ID:< [email protected] >
In less than 10 minutes, you can set up a professional surveillance camera without ever breaking a sweat. How?
Introducing the XCam2, a wireless video camera that broadcasts LIVE COLOR video to any TV, VCR or PC* within 100 feet.
That means no wires and no mess!
If you order now, you'll also receive a FREE motion-activated VCR Commander: automatically record video from your camera straight
to your VCR! Gigantic $100 VALUE!
This is a recurring mailing. If you wish to unsubscribe from this list, please click here, reply to this email with "unsubscribe"
as the subject, or copy and paste the link below into your browser address bar.
http://link2buy.com/c/ES/[email protected]&P=ES2044_20020515_665
Any third-party offers contained in this email are the sole responsibility of the offer originator.
Copyright 2002 E-MailSavings

第三者中継可能？　スパムメールより
mail.ombramarketing.com
>RSET
<250 flushed
>MAIL FROM:< [email protected] >
<250 ok
>RCPT TO:< relaytest%[email protected] >
<250 ok

mail.link2buy.com
inbound02.link2buy.com
>RSET
<250 flushed
>MAIL FROM:< [email protected] >
<250 ok
>RCPT TO:< relaytest%[email protected] >
<250 ok

To unsubscribe from the Offer888.com list,
visit http://opt-out.offer888.net/[email protected]
http://opt-out.offer888.net/[email protected]
http://opt-out.offer888.net/[email protected]
http://opt-out.offer888.net/[email protected]
* To remove yourself from this mailing list, point your browser to:
http://i.mb00.net/remove?funnymoney
* Enter your email address ( [email protected] [email protected] ) in the field
provided and click "Unsubscribe". The mailing list ID is "funnymoney".

ttp://www.093019.com
ttp://889860.com/?kg
ttp://117114.com/?kg　　いずれもHNとメアド変えての悪徳サイト誘導

１分２回のペースでポートスキャンやって来る
暇人？？？アフォ？？
晒しage
210.236.64.130

>>244
魔法のあいらんどが被害受けやすいよね。
ただ、リンクが張れないので削除するのがオチ(ｗ

>>245
てめーは>>1を読め。

ニムダもコードレッドも毎日だな。
だいたい平均すると２０件くらいかな。
さて、多いのか少ないのか。

From:EqualaMAIL< [email protected] >
To : [email protected] [email protected]
[email protected] [email protected]
[email protected]
Subject:Offensive content on YOUR PC? Find out now!
Received:from[66.70.89.20] by link2buy.com with ESMTP id ** Received:by dpm1.emailsvc.net (PowerMTA(TM) v1.5)
(envelope-from< [email protected] >)
Received: from mail (10.224.72.159) by 10.0.0.2 with SMTP
From [email protected]
Message-ID:< [email protected] >
=============================================================================
The following offer was mailed by EqualaMAIL on behalf of contentwatch.com
=============================================================================
Think there's no offensive content on your PC? Think again.
It's possible to pick up objectionable files by accident
from the Internet!
Check now to be sure you're safe!
FREE PC Check! No Obligation. Just Information.
http://track.coopt.com/track.php?c_lid=1146&c_uid=12345678.
==========================================================================
This EqualaMAIL Promotion was sent to you as a valued subscriber.
If you would rather not receive emails from EqualaMail and would like to
delete your name from our list please click below:
http://track.coopt.com/members/[email protected]&a=12345678.
Questions, Opinions or Feedback
Email: [email protected] or
write at: Equalamail, PO Box 23248, Ft. Lauderdale, Fl. 33307
==========================================================================

第三者中継可能？
Equalamail.emailsvc.net
>>> RSET
<<< 250 flushed
>>> MAIL FROM:< [email protected] >
<<< 250 ok
>>> RCPT TO:< relaytest%[email protected] >
<<< 250 ok

To unsubscribe from the Offer888.com list,
visit http://opt-out.offer888.net/[email protected]
http://opt-out.offer888.net/[email protected]
http://opt-out.offer888.net/[email protected]
http://opt-out.offer888.net/?e=
* To remove yourself from this mailing list, point your browser to:
http://i.mb00.net/remove?funnymoney
* Enter your email address ( [email protected]
[email protected] [email protected] ) in the field
provided and click "Unsubscribe". The mailing list ID is "funnymoney".