*** surviving my new CANCEL attack***
Francois Grieu
François Grieu
Juuso Hukkanen
wrote:
>Do not be so cheap and get a better news service.
I know who is attacking #sci.crypt and I can _prove_ that: the motive,
attack techniques, skills and training of those skills with plenty of
details, show tools and attack signatures. I can also show a punch of
other crimes done by that individual; (besides this DOSing campaign)
defaming, distribution of child pornography, harassment, spamming,
phising and lottery scam (related to spamming & phising).
In addition there is an extra reason for Interpol / High tech
crime centre / or secret service or similar to be interested about
this guy. With other words seems there seems to be enough to put this
guy into prison. The question is will the attacks continue or will
there be peace?
Peace
Juuso Hukkanen
(to reply by e-mail set addresses month and year to correct)
JP LR
I may say something blatantly idiot, please be kind with me ;-)
When I saw so much cancelled posts and also the return of some sci.crypt
trool, five days ago, I wonder if I would be able to delete a post at least
locally on my computer.
Internet is a place where one experiment first and think afterward, so I
press the DEL key.
The post disappear on my computer and I forgot the thing.
Today I used another computer, and the post that I deleted is not readeable
on that other computer.
I make some tests with the two computers and in some newsgroups the act to
delete works and in others it do not works.
I just made a test with Ethereal to see if something is sended from my
computer to the server on my network when I delete a post (one of mine on
another newsgroup).
I am not enough good at reading Ethereal but the fact is there was nntp
exchanges just at that time, so the delation may not only be local but also
on the server.
I am using Outlook express on Windows XP home edition.
My provider is Wanadoo in France.
Best regards,
Jean-Pierre
"Francois Grieu" <fgr...@francenet.fr> a écrit dans le message de
news:fgrieu-efef0603...@news4-e.proxad.net...
John Savard
>Do not be so cheap and get a better news service.
I would make all the burglars in jail work harder so that the government
would make profits with which it would subsidize away the cost of
putting locks on our doors.
It is not our fault there are people who do bad things - it's their
fault. So we shouldn't have to bear any costs because of it.
John Savard
http://www.quadibloc.com/index.html
_________________________________________
Usenet Zone Free Binaries Usenet Server
More than 140,000 groups
Unlimited download
http://www.usenetzone.com to open account
Luc The Perverse
news:43dc94e1$0$19674$8fcf...@news.wanadoo.fr...
> Hello
>
> I may say something blatantly idiot, please be kind with me ;-)
> When I saw so much cancelled posts and also the return of some sci.crypt
> trool, five days ago, I wonder if I would be able to delete a post at
> least
> locally on my computer.
> Internet is a place where one experiment first and think afterward, so I
> press the DEL key.
> The post disappear on my computer and I forgot the thing.
> Today I used another computer, and the post that I deleted is not
> readeable
> on that other computer.
>
> I make some tests with the two computers and in some newsgroups the act to
> delete works and in others it do not works.
> I just made a test with Ethereal to see if something is sended from my
> computer to the server on my network when I delete a post (one of mine on
> another newsgroup).
> I am not enough good at reading Ethereal but the fact is there was nntp
> exchanges just at that time, so the delation may not only be local but
> also
> on the server.
>
> I am using Outlook express on Windows XP home edition.
> My provider is Wanadoo in France.
Deleting a message in outlook express does not cancel the message.
Relax
--
LTP
:)
Luc The Perverse
news:43dd0a52...@news.usenetzone.com...
>>Do not be so cheap and get a better news service.
>
> I would make all the burglars in jail work harder so that the government
> would make profits with which it would subsidize away the cost of
> putting locks on our doors.
>
> It is not our fault there are people who do bad things - it's their
> fault. So we shouldn't have to bear any costs because of it.
You are right. We the innocent should roll over and die because life is not
fair
--
LTP
:)
Francois Grieu
And no, this is NOT my cancel attack.
If one carefully reads the headers in the forgery,
http://groups.google.com/group/sci.crypt/msg/e428cab4aa573904?dmode=source
there are a few significant differences with my genuine posts.
- the IP in NNTP-Posting-Host is not one of the three
Proxad IPs that I use.
- the format and offset of the "Date:" is unlike the one in my
posts.
I am not the slightest bit amused.
François Grieu
Luc The Perverse
>
> I may say something blatantly idiot, please be kind with me ;-)
> When I saw so much cancelled posts and also the return of some sci.crypt
> trool, five days ago, I wonder if I would be able to delete a post at
> least
> locally on my computer.
> Internet is a place where one experiment first and think afterward, so I
> press the DEL key.
> The post disappear on my computer and I forgot the thing.
> Today I used another computer, and the post that I deleted is not
> readeable
> on that other computer.
>
> I make some tests with the two computers and in some newsgroups the act to
> delete works and in others it do not works.
> I just made a test with Ethereal to see if something is sended from my
> computer to the server on my network when I delete a post (one of mine on
> another newsgroup).
> I am not enough good at reading Ethereal but the fact is there was nntp
> exchanges just at that time, so the delation may not only be local but
> also
> on the server.
>
> I am using Outlook express on Windows XP home edition.
> My provider is Wanadoo in France.
Deleting a message in outlook express does not cancel the message.
Relax
--
LTP
:)
========= WAS CANCELLED BY =======:
Path: ...newsfeed.cs.wisc.edu!newsfeed-00.mathworks.com!newscon06.news.prodigy.com!prodigy.net!border1.nntp.dca.giganews.com!border2.nntp.dca.giganews.com!nntp.giganews.com!peer01.cox.net!cox.net!p01!fed1read05.POSTED!53ab2750!not-for-mail
From: "Luc The Perverse" <sll_noSpamli...@cc.usu.edu>
Control: cancel <5eeva3x...@loki.cmears.id.au>
Subject: Cancel "Re: *** surviving my new CANCEL attack***"
Newsgroups: sci.crypt
Message-ID: <2dcxe5v...@loki.cmears.id.au>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Newsreader: Forte Agent 1.8/32.548
Lines: 2
Date: Sun, 29 Jan 2006 18:49:41 GMT
NNTP-Posting-Host: 70.162.170.136
X-Complaints-To: ab...@cox.net
X-Trace: fed1read05 1138562805 70.162.170.136 (Sun, 29 Jan 2006 14:26:45 EST)
NNTP-Posting-Date: Sun, 29 Jan 2006 14:26:45 EST
Organization: Cox Communications
John Savard
wrote, in part:
>Do not be so cheap and get a better news service.
I would make all the burglars in jail work harder so that the government
would make profits with which it would subsidize away the cost of
putting locks on our doors.
It is not our fault there are people who do bad things - it's their
fault. So we shouldn't have to bear any costs because of it.
John Savard
http://www.quadibloc.com/index.html
_________________________________________
Usenet Zone Free Binaries Usenet Server
More than 140,000 groups
Unlimited download
http://www.usenetzone.com to open account
========= WAS CANCELLED BY =======:
Path: ...easynet-quince!easynet.net!peer01.cox.net!cox.net!p01!fed1read05.POSTED!53ab2750!not-for-mail
From: jsa...@excxn.aNOSPAMb.cdn.invalid (John Savard)
Control: cancel <43dd0a52...@news.usenetzone.com>
Subject: Cancel "Re: *** surviving my new CANCEL attack***"
Newsgroups: sci.crypt
Message-ID: <86da0a53...@news.usenetzone.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Newsreader: NN version 6.5.1 (NOV)
Lines: 2
Date: Sun, 29 Jan 2006 18:01:07 GMT
NNTP-Posting-Host: 70.162.170.136
X-Complaints-To: ab...@cox.net
X-Trace: fed1read05 1138562809 70.162.170.136 (Sun, 29 Jan 2006 14:26:49 EST)
NNTP-Posting-Date: Sun, 29 Jan 2006 14:26:49 EST
Organization: Cox Communications
JP LR
I may say something blatantly idiot, please be kind with me ;-)
When I saw so much cancelled posts and also the return of some sci.crypt
trool, five days ago, I wonder if I would be able to delete a post at least
locally on my computer.
Internet is a place where one experiment first and think afterward, so I
press the DEL key.
The post disappear on my computer and I forgot the thing.
Today I used another computer, and the post that I deleted is not readeable
on that other computer.
I make some tests with the two computers and in some newsgroups the act to
delete works and in others it do not works.
I just made a test with Ethereal to see if something is sended from my
computer to the server on my network when I delete a post (one of mine on
another newsgroup).
I am not enough good at reading Ethereal but the fact is there was nntp
exchanges just at that time, so the delation may not only be local but also
on the server.
I am using Outlook express on Windows XP home edition.
My provider is Wanadoo in France.
Best regards,
Jean-Pierre
"Francois Grieu" <fgr...@francenet.fr> a écrit dans le message de
news:fgrieu-efef0603...@news4-e.proxad.net...
> Do not be so cheap and get a better news service.
>
> François Grieu
========= WAS CANCELLED BY =======:
Path: ...204.153.245.151.MISMATCH!green.octanews.net!news-out.octanews.net!news.glorb.com!border1.nntp.dca.giganews.com!border2.nntp.dca.giganews.com!nntp.giganews.com!peer01.cox.net!cox.net!p01!fed1read05.POSTED!53ab2750!not-for-mail
From: "JP LR" <fake.a...@voila.fr>
Control: cancel <43dc94e1$0$19674$8fcf...@news.wanadoo.fr>
Subject: Cancel "Re: *** surviving my new CANCEL attack***"
Newsgroups: sci.crypt
Message-ID: <67cb86b3-6$04403%3faf...@news.wanadoo.fr>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Newsposter: Peck's Power Post - v0.6b
Lines: 2
Date: Sun, 29 Jan 2006 15:33:18 GMT
NNTP-Posting-Host: 70.162.170.136
X-Complaints-To: ab...@cox.net
X-Trace: fed1read05 1138562927 70.162.170.136 (Sun, 29 Jan 2006 14:28:47 EST)
NNTP-Posting-Date: Sun, 29 Jan 2006 14:28:47 EST
Organization: Cox Communications
Juuso Hukkanen
>Do not be so cheap and get a better news service.
I know who is attacking #sci.crypt and I can _prove_ that: the motive,
attack techniques, skills and training of those skills with plenty of
details, show tools and attack signatures. I can also show a punch of
other crimes done by that individual; (besides this DOSing campaign)
defaming, distribution of child pornography, harassment, spamming,
phising and lottery scam (related to spamming & phising).
In addition there is an extra reason for Interpol / High tech
crime centre / or secret service or similar to be interested about
this guy. With other words seems there seems to be enough to put this
guy into prison. The question is will the attacks continue or will
there be peace?
Peace
Juuso Hukkanen
(to reply by e-mail set addresses month and year to correct)
========= WAS CANCELLED BY =======:
Path: ...204.153.245.151.MISMATCH!green.octanews.net!news-out.octanews.net!cox.net!news-xfer.cox.net!p01!fed1read05.POSTED!53ab2750!not-for-mail
From: Juuso Hukkanen <juuso_...@tele3d.net>
Control: cancel <188nt1t0mfpvqvic1...@4ax.com>
Subject: Cancel "Re: *** surviving my new CANCEL attack***"
Newsgroups: sci.crypt
Message-ID: <688vo5b6cclyvvof6...@4ax.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: slrn/0.0.6.6 (UNIX)
Lines: 2
Date: Sun, 29 Jan 2006 18:36:47 GMT
NNTP-Posting-Host: 70.162.170.136
X-Complaints-To: ab...@cox.net
X-Trace: fed1read05 1138563001 70.162.170.136 (Sun, 29 Jan 2006 14:30:01 EST)
NNTP-Posting-Date: Sun, 29 Jan 2006 14:30:01 EST
Organization: Cox Communications
Phil Carmody
> I am NOT the author of the first message in this thread.
No. You do not post through a known anonymising proxy.
> I am not the slightest bit amused.
Your reputation is untarnished, don't worry.
Phil
--
What is it: is man only a blunder of God, or God only a blunder of man?
-- Friedrich Nietzsche (1844-1900), The Twilight of the Gods
Grumble
> Francois Grieu wrote:
>
>> I am NOT the author of the first message in this thread.
>
> No. You do not post through a known anonymising proxy.
82.232.97.239 is a known anonymizing proxy?
Phil Carmody
I was not quite correct. There's both an open relay and an
anonymising proxy involved. Or so a cursory inspection
revealed (traceroute + several googles). I may be wrong.
cryp...@att.not
> Grumble <dev...@kma.eu.org> writes:
>
>>Phil Carmody wrote:
>>
>>
>>>Francois Grieu wrote:
>>>
>>>
>>>>I am NOT the author of the first message in this thread.
>>>
>>>No. You do not post through a known anonymising proxy.
>>
>>82.232.97.239 is a known anonymizing proxy?
>
>
> I was not quite correct. There's both an open relay and an
> anonymising proxy involved. Or so a cursory inspection
> revealed (traceroute + several googles). I may be wrong.
>
> Phil
Juuso Hukkanen said he can prove who is behind these attacks,
so now would be a great time for him to post this proof.
Tons of posts are being cancelled here at ATT.NET, and even
the reposts are getting recancelled. I don't find it very
amusing either.
If this IP address is not a known anonymising proxy or a
known open relay, then what is it? Just from looking at the
headers on the post that started this thread, it can seen to
come from the same ISP and via the same newsreader as Francois Grieu.
Should each of us keep a list of IP addresses that we use, just to
help identify these sporgeries, or must we resort to PGP signing
our postings? It is this kind of stuff that has always encouraged
me to keep Real Life and Usenet completely separate.
Regardless, I'd sure like to see that proof that Juuso has, so that
Francois can clear his name once and for all.
Francois Grieu
<xLADf.574957$zb5.1...@bgtnsc04-news.ops.worldnet.att.net>,
"cryp...@att.NOT" <cryp...@att.NOT> wrote:
> Just from looking at the headers on the post that started
> this thread, it can seen to come from the same ISP
Yes
> and via the same newsreader as Francois Grieu.
You can see it, but it is misleading. The "User-Agent" field
is easy to forge. But compare the format for "Date" in my posts
and in the forgery, the perp did not get this right.
> Should each of us keep a list of IP addresses that we use,
> just to help identify these sporgeries, or must we resort
> to PGP signing our postings?
Problem with IP addresses is that they can be forged with
the approriate resources, though this is marginal in practice.
PK certificates are stong, problem is lack of built-in support,
at headers level, in most newsreaders. And I do not want to
annoy the world with PGP markers in the body of my posts.
Also I fear problems with 8-bit content.
> Regardless, I'd sure like to see that proof that Juuso has,
Me too,
> so that Francois can clear his name once and for all.
Above forensics should be enough for this purpose, even if
the title of the forgery did not convince you.
Francois Grieu
Phil Carmody
> In article
> <xLADf.574957$zb5.1...@bgtnsc04-news.ops.worldnet.att.net>,
> "cryp...@att.NOT" <cryp...@att.NOT> wrote:
>
> > Just from looking at the headers on the post that started
> > this thread, it can seen to come from the same ISP
>
> Yes
>
> > and via the same newsreader as Francois Grieu.
>
> You can see it, but it is misleading. The "User-Agent" field
> is easy to forge. But compare the format for "Date" in my posts
> and in the forgery, the perp did not get this right.
There are at least 2 more grave errors in the forgeries than
that. However, I'm not going to say what they are, lest the
forger try harder to fix them.
> > Should each of us keep a list of IP addresses that we use,
> > just to help identify these sporgeries, or must we resort
> > to PGP signing our postings?
>
> Problem with IP addresses is that they can be forged with
> the approriate resources, though this is marginal in practice.
I've never seen a forgery that gets every aspect related to
IP addresses right. Not that I've seen much more than the usual
a.r.s. Co$ crap, and the occasional idiot here.