Re: [Nolug] Catching a worm?

From: Charles Jouglard <pcguy1_at_cox.net>
Date: Mon, 31 Mar 2008 13:37:30 -0500
Message-ID: <2008331133730.409219@CJPA0WEG-02-012>

As part of our abuse response policy we will and do send copies of the offending
emails to customers. However, because of federal laws we cannot provide the
information to anyone but the account holder. We can not and will not send the
information to a consultant. If anyone ever needs this type of information
please ping me and I will work to get the data needed.

 
Thank you,
Charles Jouglard
Cox New Orleans
Senior Engineer
Abuse/Security/CALEA Administrator
 
Disclaimer: These comments and the associated pages and files are not endorsed
by Cox Communications, Inc., Cox Louisiana, LLC, Cox Business Services, Inc.
Cox.Net or anyone else other than myself. These same comments, pages, files,
etc., are in no way associated with any of the entities listed above. If anyone
thinks otherwise, they are sadly mistaken.
 
Legal Notice: This electronic mail message and any attached files contain
information intended for the exclusive use of the individual to whom it is or
has been originally addressed and may contain information that is proprietary,
privileged, confidential and/or exempt from disclosure under applicable law.
You are hereby forbidden to transfer said electronic mail message by any means
without permission of the sender. If you are not the intended recipient, you
are hereby notified that any viewing, copying, disclosure or distribution of
this information may be subject to legal restriction or sanction, or punishable
under Louisiana Revised Statutes RS 14:73.1, or applicable U.S. Federal
Statutes. Please notify the sender, by electronic mail or telephone, of any
unintended recipients and delete the original message without making any copies.

On Fri, 28 Mar 2008 15:49:50 -0500 (CDT), -ray wrote:

See if Cox can send you one of the SPAM messages. Even though it's
probably behind a NAT device, the private IP may still be in the mail
headers.

What kind of router is it? We may be able to give more pointers if we
know what you're working with...

ray

On Fri, 28 Mar 2008, Chris Jones wrote:

> I was curious what you guys do when you encounter a client that has a
> network worm, but you don't know whose computer has the infection. I have a
> client who keeps getting calls from Cox, stating that there is a computer on
> their network that is sending out tons of spam. Two months ago at the
> meeting we were playing with Cain & Abel, which can do ARP poisoning. And
> although it's an amazingly powerful piece of software, it seems to
> unfortunately be useful for only black hat hacking (password stealing)...
> There's also Ethereal/Wireshark, but it seems to be useless on a switched
> network, unless you can find an old crappy hub to put it on, between the
> switch and the router. I honestly don't even know if we have a hub anywhere
> around here. There are some commercial products out there made for this,
> but they seem to start at around $2000. I was just wondering if anybody
> knew of anything good that was open source. ARP poisoning would be a nice
> feature, but I'm guessing that might only be a feature on the black hat
> tools. There are some things like Nessus and Zenoss, but are those just
> for SNMP monitoring? They probably won't sniff for worm traffic. I might
> look into Untangle and see if it offers that ability...but I figured I'd see
> if you guys know of anything else? Thanks!
>

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean                                                  http://www.r-a-y.org
Systems Engineer                    Southeastern Louisiana University
IBM Certified Specialist                AIX Administration, AIX Support
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
___________________
Nolug mailing list
nolug@nolug.org
  
Cheers, 
Charles  
Received on 03/31/08

This archive was generated by hypermail 2.2.0 : 12/19/08 EST
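
The header check suggested in the thread above (look for the sender's private IP in a copy of the spam), as an added example that is not part of the original messages. The sample message, host names and addresses are constructed; the function name private_hops is hypothetical.

```python
import email
import ipaddress
import re

# Constructed sample (not from the thread): RFC 1918 and documentation addresses only.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.25])
\tby inbound.example.org with ESMTP id ABC123; Fri, 28 Mar 2008 15:40:02 -0500
Received: from smtp.isp.example (smtp.isp.example [203.0.113.10])
\tby mx.example.net with ESMTP; Fri, 28 Mar 2008 15:40:01 -0500
Received: from FRONTDESK-PC ([192.168.1.37])
\tby smtp.isp.example with SMTP; Fri, 28 Mar 2008 15:40:00 -0500
From: someone@example.com
Subject: constructed sample

body
"""

# Explicit RFC 1918 ranges; ipaddress.is_private would also match documentation nets.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def private_hops(raw_message):
    """Return [(hop, ip, helo_name)] for Received hops whose sending side
    shows an RFC 1918 address. Hop 0 is the hop closest to the sender."""
    msg = email.message_from_string(raw_message)
    found = []
    # Each relay prepends its Received header, so read them bottom-up.
    for hop, header in enumerate(reversed(msg.get_all("Received") or [])):
        flat = " ".join(header.split())            # undo header folding
        from_part = re.split(r"\sby\s", flat, maxsplit=1)[0]
        helo = re.match(r"from\s+(\S+)", from_part)
        for text in IPV4.findall(from_part):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:                      # e.g. 999.1.1.1
                continue
            if any(addr in net for net in RFC1918):
                found.append((hop, text, helo.group(1) if helo else None))
    return found

if __name__ == "__main__":
    for hop, ip, name in private_hops(SAMPLE):
        print(f"hop {hop}: internal sender {ip} (announced as {name})")
```

An empty result does not clear the network: the private address only appears when the first relay recorded it, and headers below the first relay you trust can be forged by the sender.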