THIS UNWANTED GARBAGE ORIGINATED FROM AND BROUGHT TO YOU COURTESY OF:

PATRICK PARIS -- SHITBAG
PATRICK PARIS -- MAKE YOUR PANTIES PUBLIC
PATRICK PARIS -- FAILED HUMAN BEING
PATRICK PARIS -- THE FEMALE EUNUCH




George Orwell <nobody@mixmaster.it> wrote:

-----BEGIN PGP SIGNED MESSAGE-----

R.r.GVy fS qRNAXF bQ sVFU

Eelbasher

You can be the devil incarnate, I don't want to download JBN but cannot find a
website with photos HE TOOK of his "MARK'S" house his photo etc on a black list
for terrorist connections are in danger of having their e-mails read, according to
the internet. No matter how hard you try.

-----BEGIN PGP SIGNATURE-----

iQBVAgUBQ1rlaGbGplRFnhoNAQFlhgH9FHwLQyk0Cc5CDd6H96VtJCUt2IxpQso6

New CPunk and Mix keys have been using Mercury, but was just talking to Bigapple
and found out he uses something else. I'll give that a go this weekend.

DNix+O0YtZ5csFc+V4sS6NW1hAah3pFhfKs9MtsT8rLcnscDqKGIJw==
=Z563
-----END PGP SIGNATURE-----

And THEN like the American Civil Liberties Union have criticized the Patriot Act
because it permits the government to ask libraries for a token in 30 minutes on my
measly PII 350mhz pc, so those of you with your thoughts on how to prevent lost
mail. I am not doing anything illegal or anything that stirs up trouble.

<<==========>>

Subject: Re: Nym creation with Panta - a one way street?

Hash: SHA1

Hi again !

Re-send your reply block to "save AT nym.panta-rhei.eu.org"

Let me clarify this a bit more:
Please create your config message in the normal way, but then send it to
save@... instead of config@....

Cheers,
panta-admin

~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown.  Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
for abuse and hashcash info.

<<==========>>

Subject: Thank You Thrasher - Repost

Hash: SHA1

On 16 Oct 2005 16:23:00 -0000, Thrasher Remailer <thrasher@reece.net.au>
wrote:

In article <OCI0NH5J38641.0623726852@anonymous.sender>
Anonymous-Remailer@See.Comment.Header (Twisty_admin) wrote:

I have been consistantly pinged by  BLACKHOLE-1.IANA.ORG from
ANONYMOUS and mail.brianbinder.com. A tad annoying when mine is a
static commercial account.

Odd  that they could ping me from 10.1.10.1 which is the same address
as my new modem/router. They also tried to connect to port 137.

I had to use the internal firewall to block all the connections they
use. Now I can't access my modem/router from this PC. A never ending
battle.  :)

I thought you had a static IP now, not some 10.x.x.x crap? Or is
the static IP on the WAN side of the router? If so, no 10.x.x.x
traffic should be coming in to your network (the router should
be able to stop it and the ISP shouldn't be routing it to you in
the first place).

Anyway, block ports 135-139 and 445 at the router. All virus
stuff.

I have everything blocked except port 25 which is forwarded.

I have a static IP. The new modem is a combination modem/router. You are
correct, the static IP is on the WAN side. I have 4 other computers
connected to it. 1 laptop by wireless so I have a wireless router
plugged in to one of the ports. The 3 others are direct connected to the
router. The re-mailer has a fixed IP while I let the other 2 receive
their addesses by DHCP. The wireless laptop receives a 192.168.0.2
address from the
wireless router. The others all have 10.1.10.xxx IPs.

To access the router, I have to type in 10.1.10.1 which brings up the
login page for the router. The re-mailer PC is at a fixed IP of
10.1.10.xxx.  (in case they read this, they'll have to guess what xxx
is) The router itself has a built in firewall which I enabled. Then each
computer has a McAffee virus/securitycenter/firewall combination on it.

The only one that gets pinged is this one, the re-mailer. Things slowed
down since I blocked everything including the router. I am surprised it
still works at all.

I just don't know how I can get pinged or whatever from the same address
as my router. I thought a real Domain IP should show up. Again, I am far
from the expert so would really like to know how this can be done. Seems
pretty tricky. I just don't like the name Blackhole. Gives me the
shudders. I sure know what a "blacklist" is and blackhole and blacklist
are somewhat
synonymous.

I picked out 3 out of about 12.
Here they are.

2005/10/15 10:06:26 10.1.10.1:0 (mail.brianbinder.com) 10.1.10.200:0
ICMP Ping
2005/10/15 10:12:35 10.1.10.1:0 (mail.brianbinder.com) 10.1.10.200:0
ICMP Ping
2005/10/15 16:26:11 10.1.10.95:68 (ANONYMOUS) 255.255.255.255:67
Bootstrap Protocol Server

ICMP type 0 is ping reply (pong) isn't it? Sure you're not
pinging or tracerouting mail.brainbinder.com at the time?

All traceroutes come back to this:
Maybe this is all OK and they just happened to pick bad names for their
servers. Blackhole? Yuuch!!!

Sender ANONYMOUS? Why not a real name?

Because 10.1.10.95 doesn't have a valid reverse DNS record.
Which it won't, because it's not on the internet. Unless you set
one up locally.

Reminds me of Carnivore.  Some stealth project :) A bad pick for a name
at any case.

OrgName:    Internet Assigned Numbers Authority
OrgID:      IANA
Address:    4676 Admiralty Way, Suite 330
City:       Marina del Rey
StateProv:  CA
PostalCode: 90292-6695
Country:    US

NetRange:   10.0.0.0 - 10.255.255.255
CIDR:       10.0.0.0/8
NetName:    RESERVED-10
NetHandle:  NET-10-0-0-0-1
Parent:
NetType:    IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment:    This block is reserved for special purposes.
Comment:    Please see RFC 1918 for additional information.
Comment:
RegDate:
Updated:    2002-09-12

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName:   Internet Corporation for Assigned Names and Number
OrgAbusePhone:  +1-310-301-5820
OrgAbuseEmail:  abuse@iana.org

OrgTechHandle: IANA-IP-ARIN
OrgTechName:   Internet Corporation for Assigned Names and Number
OrgTechPhone:  +1-310-301-5820
OrgTechEmail:  abuse@iana.org


The part that disturbs me is from their own website. It says:

Special-Use Addresses

Several address ranges are reserved for "Special Use". These addresses
all have restrictions of some sort placed on their use, and in general
should not appear in normal use on the public Internet. The following
briefly documents these addresses – in general they are used in
specialized
technical contexts. They are described in more detail in RFC 3330.
"Private Use" IP addresses:
        10.0.0.0 - 10.255.255.255
        172.16.0.0 - 172.31.255.255
        192.168.0.0 - 192.168.255.255

The above address blocks are reserved for use on private networks, and
should never appear in the public Internet. There are hundreds of
thousands

That's right.

You're not being pinged or attacked from outside your network.

Don't worry about the name blackhole - that's been assigned by
IANA!

So, in the end, am I getting spoofed by a hacker, or by my own
cablemodem/router?

If it's a spoof (and I very much doubt it), the reply isn't
going anywhere. Besides which, your router shouldn't be routing
those addresses inbound so it's almost certainly coming from
within your network.

Just checked the firewall again. You are right. I shut down all the other
computers except my main and the re-mailer. I just checked the firewall and
was pinged just a little while ago from 10.1.10.95.

The mail.brianbinder.com might be built into the modem router. I just
checked and the 10.1.10.95 is the IP of my main computer.

As I mentioned before, I gave this PC a different workgroup name to keep it
separated from the rest of the network. Maybe the main computer can see
another computer on the network and is trying to connect.

Looks like I am chasing my tail. Whew!!!!!!! Thank you so very much.

That is a great relief. Paranoia, the stuff re-mailers were made for :)

My Warmest Regards and Thanks, you can't imagine what a relief it is. I
hope you can understand why I worry so much about this PC since it is a
re-mailer.

I feel much better being being safe than sorry. Obviously if I knew more, I
wouldn't have gotten so nervous.

I freely admit I am a noobie, so anything that seems out of place gets my
attention.

Operating a re-mailer is a great learning experience. It makes you question
everything related to the security of the system. I know others are
trusting me to operate a secure system and I don't take that trust lightly.

Again, thank you for taking the time to clarify this for me.

My Most Sincere and Warmest Regards to You,

Twisty Admin