From: panzer@dhp.com (Matt 'Panzer Boy')
Date: Thu, 14 Mar 1996 10:51:46 +0800
To: cypherpunks@toad.com
Subject: Re: all.net
In-Reply-To: <199603130606.WAA08192@hammerhead.com>
Message-ID: <4i6ues$9rf@dhp.com>
MIME-Version: 1.0
Content-Type: text/plain


More ALL.NET spew, hit D now if you don't care.

A user of system, or something triggered the initial email to our
postmaster account here at DHP.  I replied with a rewording of the
message, as seen below.  This resulted in Fred Cohen deciding that I was
part a huge consipiracy to invade his computer system and decided that
CERT needed to get in on the mailings.  Based on the services available
via ALL.NET's web page, I find this quite funny, so I replied to both CERT
and his provider, PSI.  Please be sure to check out the provided URL's 
available at ALL.NET.

My included response to CERT and , including all previous email in quoted 
form.

 -Matt     (panzer@dhp.com)                         DI-1-9026
 "That which can never be enforced should not be prohibited."
 
-----------------------------------------Cut Here or hit D Now-------------
>From panzer@dhp.comWed Mar 13 11:50:26 1996
Date: Mon, 11 Mar 1996 02:35:24 -0500 (EST)
From: Matt 'Panzer Boy' <panzer@dhp.com>
To: cert@cert.org, postmaster@psi.net
Cc: postmaster@all.net, admin@dhp.com
Subject: Re: Attempted-entry-in.telnetd-by-unknown@dhp.com (fwd)

This administrator at all.net (I assume the whois information is true) is 
making unwarrented threats and accusations.  These threats and warnings 
coming from a site that offers to do port scans on any host via a web 
interface is quite absurd.
References:
 "http://all.net/tests/testsuite.html" For a description of what they do
 "http://all.net/tests/one-time-test.html" To actually try it out

 -Matt     (panzer@dhp.com)                         DI-1-9026

---------- Forwarded message ----------
Date: Sat, 9 Mar 1996 16:16:33 -0500 (EST)
From: Fred Cohen <fc@all.net>
To: cert@cert.org
Cc: panzer@dhp.com
Subject: Re: Attempted-entry-in.telnetd-by-unknown@dhp.com (fwd)

The systems administrator at the following site is apparently a party to
the attmpted entry to our site reported below.  What is the procedure for
contacting federal authorities to investigate attempted breakins to
Federal Interest Computers?

Forwarded message:
> From admin@dhp.com Sat Mar  9 16:11:03 1996
> Date: Sat, 9 Mar 1996 16:11:57 -0500 (EST)
> From: DHP Administrator <admin@dhp.com>
> To: root <root@all.net>
> Subject: Re: Attempted-entry-in.telnetd-by-unknown@dhp.com
> In-Reply-To: <9603090948.AA25300@all.net>
> Message-Id: <Pine.LNX.3.91.960309155116.9846A-100000@dhp.com>
> Mime-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> 
> On Sat, 9 Mar 1996, root wrote:
> > A user at your site has just attempted to telnet into our site without
> > proper authorization.  We consider this inappropriate behavior and would
> > like an explanation of this action as soon as possible. 
> > 
> > This message is generated automatically at the time of the attempted
> > entry and is sent to our administrators and the postmaster at the
> > machine making the attempt.  We have included any information provided
> > by your ident daemon (if in use) on the subject line of this message. 
> > We also do a reverse finger for future reference. 
> > 
> > Fred Cohen - fc@all.net - tel:US+216-686-0090
> 
> A user at your site has just attempted to finger into our site without 
> proper authorization.  We consider this inappropriate behavior and would 
> like an explanation of this action as soon as possible.
> 
> Please refrain from such a waste of bandwidth in the future.  Setting 
> alarms off with a telnet is both stupid, and most likely to get people in 
> trouble for no proper reason.
> 
>  -Matt (panzer@dhp.com)
> 
> 
> 
> 
> 
> 

-> See: Info-Sec Heaven at URL http://all.net/
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236





-- 
 -Matt     (panzer@dhp.com)                         DI-1-9026
 "That which can never be enforced should not be prohibited."