THIS UNWANTED GARBAGE ORIGINATED FROM AND BROUGHT TO YOU COURTESY OF:

PATRICK PARIS -- SUCKED ONE SUCKED 'EM ALL
PATRICK PARIS -- FAILED PROGRAMMER
PATRICK PARIS -- PIECE OF SHIT
PATRICK PARIS -- PUNK




Hash: SHA1

On 16 Oct 2005 16:23:00 -0000, Thrasher Remailer <thrasher@reece.net.au>
wrote:

In article <OCI0NH5J38641.0623726852@anonymous.sender>
Anonymous-Remailer@See.Comment.Header (Twisty_admin) wrote:

I have been consistantly pinged by  BLACKHOLE-1.IANA.ORG from
ANONYMOUS and mail.brianbinder.com. A tad annoying when mine is a
static commercial account.

Odd  that they could ping me from 10.1.10.1 which is the same address
as my new modem/router. They also tried to connect to port 137.

I had to use the internal firewall to block all the connections they
use. Now I can't access my modem/router from this PC. A never ending
battle.  :)

I thought you had a static IP now, not some 10.x.x.x crap? Or is
the static IP on the WAN side of the router? If so, no 10.x.x.x
traffic should be coming in to your network (the router should
be able to stop it and the ISP shouldn't be routing it to you in
the first place).

Anyway, block ports 135-139 and 445 at the router. All virus
stuff.

I have everything blocked except port 25 which is forwarded.

I have a static IP. The new modem is a combination modem/router. You are
correct, the static IP is on the WAN side. I have 4 other computers
connected to it. 1 laptop by wireless so I have a wireless router
plugged in to one of the ports. The 3 others are direct connected to the
router. The re-mailer has a fixed IP while I let the other 2 receive
their addesses by DHCP. The wireless laptop receives a 192.168.0.2
address from the
wireless router. The others all have 10.1.10.xxx IPs.

To access the router, I have to type in 10.1.10.1 which brings up the
login page for the router. The re-mailer PC is at a fixed IP of
10.1.10.xxx.  (in case they read this, they'll have to guess what xxx
is) The router itself has a built in firewall which I enabled. Then each
computer has a McAffee virus/securitycenter/firewall combination on it.

The only one that gets pinged is this one, the re-mailer. Things slowed
down since I blocked everything including the router. I am surprised it
still works at all.

I just don't know how I can get pinged or whatever from the same address
as my router. I thought a real Domain IP should show up. Again, I am far
from the expert so would really like to know how this can be done. Seems
pretty tricky. I just don't like the name Blackhole. Gives me the
shudders. I sure know what a "blacklist" is and blackhole and blacklist
are somewhat
synonymous.

I picked out 3 out of about 12.
Here they are.

2005/10/15 10:06:26 10.1.10.1:0 (mail.brianbinder.com) 10.1.10.200:0
ICMP Ping
2005/10/15 10:12:35 10.1.10.1:0 (mail.brianbinder.com) 10.1.10.200:0
ICMP Ping
2005/10/15 16:26:11 10.1.10.95:68 (ANONYMOUS) 255.255.255.255:67
Bootstrap Protocol Server

ICMP type 0 is ping reply (pong) isn't it? Sure you're not
pinging or tracerouting mail.brainbinder.com at the time?

All traceroutes come back to this:
Maybe this is all OK and they just happened to pick bad names for their
servers. Blackhole? Yuuch!!!

Sender ANONYMOUS? Why not a real name?

Because 10.1.10.95 doesn't have a valid reverse DNS record.
Which it won't, because it's not on the internet. Unless you set
one up locally.

Reminds me of Carnivore.  Some stealth project :) A bad pick for a name
at any case.

OrgName:    Internet Assigned Numbers Authority
OrgID:      IANA
Address:    4676 Admiralty Way, Suite 330
City:       Marina del Rey
StateProv:  CA
PostalCode: 90292-6695
Country:    US

NetRange:   10.0.0.0 - 10.255.255.255
CIDR:       10.0.0.0/8
NetName:    RESERVED-10
NetHandle:  NET-10-0-0-0-1
Parent:
NetType:    IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment:    This block is reserved for special purposes.
Comment:    Please see RFC 1918 for additional information.
Comment:
RegDate:
Updated:    2002-09-12

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName:   Internet Corporation for Assigned Names and Number
OrgAbusePhone:  +1-310-301-5820
OrgAbuseEmail:  abuse@iana.org

OrgTechHandle: IANA-IP-ARIN
OrgTechName:   Internet Corporation for Assigned Names and Number
OrgTechPhone:  +1-310-301-5820
OrgTechEmail:  abuse@iana.org


The part that disturbs me is from their own website. It says:

Special-Use Addresses

Several address ranges are reserved for "Special Use". These addresses
all have restrictions of some sort placed on their use, and in general
should not appear in normal use on the public Internet. The following
briefly documents these addresses – in general they are used in
specialized
technical contexts. They are described in more detail in RFC 3330.
"Private Use" IP addresses:
        10.0.0.0 - 10.255.255.255
        172.16.0.0 - 172.31.255.255
        192.168.0.0 - 192.168.255.255

The above address blocks are reserved for use on private networks, and
should never appear in the public Internet. There are hundreds of
thousands

That's right.

You're not being pinged or attacked from outside your network.

Don't worry about the name blackhole - that's been assigned by
IANA!

So, in the end, am I getting spoofed by a hacker, or by my own
cablemodem/router?

If it's a spoof (and I very much doubt it), the reply isn't
going anywhere. Besides which, your router shouldn't be routing
those addresses inbound so it's almost certainly coming from
within your network.

Just checked the firewall again. You are right. I shut down all the other
computers except my main and the re-mailer. I just checked the firewall and
was pinged just a little while ago from 10.1.10.95.

The mail.brianbinder.com might be built into the modem router. I just
checked and the 10.1.10.95 is the IP of my main computer.

As I mentioned before, I gave this PC a different workgroup name to keep it
separated from the rest of the network. Maybe the main computer can see
another computer on the network and is trying to connect.

Looks like I am chasing my tail. Whew!!!!!!! Thank you so very much.

That is a great relief. Paranoia, the stuff re-mailers were made for :)

My Warmest Regards and Thanks, you can't imagine what a relief it is. I
hope you can understand why I worry so much about this PC since it is a
re-mailer.

I feel much better being being safe than sorry. Obviously if I knew more, I
wouldn't have gotten so nervous.

I freely admit I am a noobie, so anything that seems out of place gets my
attention.

Operating a re-mailer is a great learning experience. It makes you question
everything related to the security of the system. I know others are
trusting me to operate a secure system and I don't take that trust lightly.

Again, thank you for taking the time to clarify this for me.

My Most Sincere and Warmest Regards to You,

Twisty Admin

<<==========>>

Subject: Re: Pingers/Remops: Lunatic Eelbash at it again

On Wed, 09 Nov 2005 11:20:31 +0100, Thomas J. Boschloo wrote:

-----BEGIN PGP SIGNED MESSAGE-----

Eelbash Admin wrote:

On Tue, 08 Nov 2005 20:31:40 +0000, Anonymous wrote:

Although I have the highest respect for Twisty's corporate legal
counsel, I have more respect for somebody like Zax, who said yesterday
that he has flood filters in his remailer and even added some more.

Why don't you use your one remaining brain cell to read what Zax wrote
again.

He installed nntp filters. Those are for his usenet server.

I stand corrected; but isn't filtering a flood going out through an nntp
server the same, legally, ethically, and morally (what is the difference
between ethics and morals?) as filtering a flood going through an smtp
server?

It is not.

If Zax thinks filtering a flood through an nntp server is ok, then I
still feel that I can appeal to that example as a justification for
filtering a flood going through my smtp server.

Steve is filtering 'floods' (BI and stuff like that). You are filtering on
keywords.

I am filtering on floods not keywords.

And to me Steve's news server is just like any other newsserver that
carries remailer messages. People that complain about anonymous messages
have to complain to the last remailer in the chain.

Even Frog-Admin filtered at his news server. I think he also filtered at
his remailer though, but I am not sure. You are a lot worse when it comes
to filtering and distorting message content. I can't decide if you are a
joke or a danger to the remailing community. Do you even feel you are part
of it?

I hope Zax or Twisty will clear up the legal aspects of this filtering. In
any case, the filtering at Zax' news server is automated and not all
groups are monitored. Only APA-S.

I think you should see the news service and remailer service as separate
identities.

Thomas
- --
Gothika: "How can you trust someone who thinks you are crazy" -----BEGIN
PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQB5AwUBQ3HNbwEP2l8iXKAJAQGCQAMeLGdW16ZzdXCuz3E7+gn3GnBlvQgJPkVD
g6ZUsEQto0M/DzthZgVL5EznltfHaA4eOIVJmcXpqHkDA070W9iY3FZajwH/LaJm
Mt2lPRf8xSOCkgA9Z+rD2kKjlhoztDFCTIeBrQ== =ZrxQ
-----END PGP SIGNATURE-----

<<==========>>

Subject: Re: remailers to give up keys?

Anonymous-Remailer@See.Comment.Header (My =?iso-8859-1?Q?2=A2?=) wrote:

References: <4301b0d2$0$11061$e4fe514c@news.xs4all.nl>
 <ccdb148aace8030aaba187812baeb150@dizum.com>
 <CEUC1SCD38581.1092361111@reece.net.au>

In article <CEUC1SCD38581.1092361111@reece.net.au>
Thrasher Remailer <thrasher@reece.net.au> wrote:

Nomen Nescio wrote:

This whole group got flooded and caved in to it. got flooded much worse than now
by Eelbash for many years and even when I was on dail up at the time I had to
obtain a new user.

On Tue, 16 Aug 2005, "Thomas J. Boschloo"

There may be several others. Most encryption failures come from using that
remailer? Please let us know what I really need is somehow to just try anything.
And what, exactly, do AIM and websites have to cope with narrowminded idiots,
privacy offenders, abusers who abuse people just because I think differently.

<nospam@hccnet.nl> wrote:

It is very important that we do not repeat our

history. America is way

to bloody and aggressive right now for a stable

world with respect for

all religions. I also repeat my claim that they

have not learned from

WWII (thinking of Bush (your Avatar of War)).

That's it, and look at yourself. I already told you this, kook.
  Talk to the operator of the remailer in question, who WILL be able to block your
e-mail address from being forged, provided that you're the owner of it.
  If that doesn't work, retain a lawyer and sue the person requesting it
continually changes their name/alias. I have to do with remailers, kook?   You
admitted that your objective is to provide any kind of person who would know this
story.  I would expect more like 50% for you and your cohorts.  May I ask how many
is everyone?

Before you go plastering invective all over the US

for "bloody and

aggressive" actions, you need to look at where the

bloodshed over radical

Islam began, and who has been throwing the "first

stones". America (and

Western civilization) has been fighting off

elements of radical Islam for

more than 20 years.

The west has been on the defensive.

In order to think clearly, you really have to get

past your media generated

hatred for Bush.  It clouds your perception.

Which media outlets are generating hatred for Bush?

CNN