Full Disclosure mailing list archives

Re: Austin Decking 512-385-5334 Austindecking wholesale


From: "ragdelaed" <ragdelaed () gmail com>
Date: Tue, 14 Nov 2006 09:45:33 -0500

From the original header:
Received: from [194.24.158.16] by web58409.mail.re3.yahoo.com via HTTP;
        Tue, 14 Nov 2006 00:46:24 PST
Date: Tue, 14 Nov 2006 00:46:24 -0800 (PST)
From: William Stanley <vegacash () yahoo com>
To: full-disclosure () lists grok org uk

194.24.158.16 is not lumbermax.com, it’s a box in Austria. 

If I was a spammer, it would be easy to sub a known blacklisted spammer to
try and hide my point of origin. 

"William Stanley" is the real spammer and he used a box in Austria or
"William Stanley" has nothing to do with this and someone else used a box in
Austria.

Always look for the source. Since the 194.24.158.16 address is recorded in
the header by the webmail yahoo box, I would probably say the 194.24.158.16
address is not forged. That is the originating address of this email.

Don’t believe anything else below it unless you actually sent it. It can be
forged.

And did you scan lumbermax.org from inside Archbishop Alter High School? If
so, be very careful about doing that. The high school administration may not
appreciate you scanning a legit company from inside their domain. And don’t
explore any of the open ports from inside the high school. 

But then again, you are listed as the high school's network engineer, so I
guess you would be the point of contact if lumbermax.com has an issue,
correct?

________________________________________
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of David
Swafford
Sent: Tuesday, November 14, 2006 9:07 AM
To: full-disclosure () lists grok org uk; William Stanley
Subject: Re: [Full-disclosure] Austin Decking 512-385-5334 Austindecking
wholesale

Golden.......
 
NMAP shows the following (lumbermax.com):
21/TCP - OPEN - FTP
22/TCP - OPEN - SSH
25/TCP - OPEN - SMTP
53/TCP - OPEN - DOMAIN
80/TCP - OPEN - HTTP
110/TCP - OPEN - POP3
111/TCP - OPEN - RPCBIND
135/TCP - FILTERED - MSRPC
137/TCP - FILTERED - NETBIOS-NS
138/TCP - FILTERED - NETBIOS-DGM
139/TCP - FILTERED - NETBIOS-SSN
143/TCP - OPEN - IMAP
443/TCP - OPEN - HTTPS
445/TCP - FILTERED - MICROSOFT-DS
593/TCP - FILTERED - HTTP-RPC-EPMAP
631/TCP - OPEN - IPP
3306/TCP - OPEN - MYSQL
 
 
- Running Apache 2.052 (so there's some exploitable flaws here as current
ver is 2.059).  It's running on a CENTOS box and the apache error says the
domain is LYFE-CARD.com
- The SMTP services are Sendmail 8.13.1
 
 
____________________________________________________
 
David A. Swafford, Network Engineer
Information Technology Team
Archbishop Alter High School
 
EC-Council Certified Ethical Hacker
 
A Cisco Systems, Inc., Certified Network Associate (CCNA) 
and a CompTIA Network+ and Security+ Certified Professional


<snip>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
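
The header reasoning in the reply above (believe the Received line written by the Yahoo webmail server, distrust anything beneath it) can be written as a check. This is an added example, not part of the original thread; the function name `find_origin`, the trusted network 192.0.2.0/24 standing in for the webmail provider's relays, and the first and last Received lines of the sample are assumptions constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: 192.0.2.0/24 stands in for the webmail provider's outbound
# relays; in practice list the relay networks you actually trust.
TRUSTED_RELAY_NETS = [ipaddress.ip_network("192.0.2.0/24")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def find_origin(raw_message):
    """Return (origin_ip, unverified_received_headers).

    Headers are walked newest-first. The top one is assumed to be written
    by our own MTA; each later one is believed only if the hop above it
    recorded a peer address inside a trusted relay network.
    """
    hops = message_from_string(raw_message).get_all("Received") or []
    for i, hop in enumerate(hops):
        from_part = re.split(r"\sby\s", hop, maxsplit=1)[0]
        match = BRACKETED_IP.search(from_part)
        try:
            peer = ipaddress.ip_address(match.group(1)) if match else None
        except ValueError:
            peer = None
        if peer is None or not any(peer in n for n in TRUSTED_RELAY_NETS):
            # This hop was written by a trusted server, but its peer is not
            # one: the peer is the origin and everything below is its claim.
            return (str(peer) if peer else None), hops[i + 1:]
    return None, []

# Constructed sample: only the middle Received line is from the post above.
SAMPLE = (
    "Received: from web58409.mail.re3.yahoo.com (unknown [192.0.2.25])\n"
    "\tby lists.grok.org.uk; Tue, 14 Nov 2006 08:46:30 +0000\n"
    "Received: from [194.24.158.16] by web58409.mail.re3.yahoo.com via HTTP;\n"
    "\tTue, 14 Nov 2006 00:46:24 PST\n"
    "Received: from mail.example.org ([198.51.100.7]) by mx.example.net;\n"
    "\tTue, 14 Nov 2006 00:40:00 -0800\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    origin, unverified = find_origin(SAMPLE)
    print("origin:", origin)
    print("unverified headers below it:", len(unverified))
```

The bottom Received line in the sample is never consulted when deciding the origin, whatever server name it claims, because the hop that would have written it is not a trusted relay.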

