
[cobalt-users] OT: Interesting, Domain Refinery, Relay Attempts



I had someone trying to relay email through my server yesterday from this IP:

http://138.121.23.4/

Guy is using software called "Domain Refinery" -- found the following two items
on Google searching on that:

http://www.marketmenow.com/all_pages/soft/domain_refinery/domain_refineryinfopage.htm
http://www.americaint.com/superstore/domqc.html

Ya just gotta hate this kind of crap...

This was the content of the guy's page at the time I checked the IP:

---------------------
Domain Refinery (Linux) Guide
10/25/2002 07:41:17 PM



Important: You can log into Linux with the username "root" --- the default
password is "newstart1" --- you want to change this right away so that other
users don't go hacking into your box remotely!

What do you need?

  a.. Obviously a server with all the scripts on it (you have this)

  b.. Dial-up accounts. Read below for more info.

Note: All the scripts on the web server are located in the /root/Desktop/Scripts
directory.

Buying dial-ups: When you buy dial-ups, you want to use a pre-paid debit card to
avoid being charged "clean-up" fees. You can buy these at RightAid or Store24
convenience stores. You can also buy them online at www.webcertificate.com or
many others. Just search around using Google. The key thing about dial-ups is
you want ones that are multi-login if possible. That means you can use them on
more than one computer simultaneously. Even more importantly you must realize
that most ISPs are "virtual ISPs" and simply resell dial-up service through some
national dial-up backbone provider. Below is a list of national backbone
providers along with just one of the many virtual ISPs powered by them:

  a.. Starnet/MegaPop - http://www.screaminet.com - 1-2 logins?

  b.. UUNet/worldcom/Qwest - http://www.mfire.com - usually unlimited logins

  c.. Telia - http://www.bway.net (telia) - 1 login

  d.. AT&T Global Network - http://www.crosspaths.com - usually unlimited logins

  e.. Broadwing - http://www.lowcharge.com - usually unlimited logins

  f.. UUNet #2??? - http://www.peoplestar.net - usually unlimited logins

  g.. FlexPOP - http://www.pacifier.com

  h.. SBCGlobal - http://www.prodigy.com - three or less logins?

  i.. Earthlink - http://www.earthlink.net - usually unlimited logins

The trick is not to keep buying dial-ups at the same place. Once you find a
place that you like, simply copy down the access number you use. Then search for
it using Google. Up will come a list of other ISPs that offer the same access
number and hence use the same backbone. Awesome! There is a mass dial-up testing
script that is available upon request.

Setting Up The Dialups: The script that controls the modem is the "keepconnect"
script. To run this you must supply a config file. A sample config is supplied
called "netspoof" which is a configuration for spoofing a broadband connection
with a modem. If you want to set up a two modem spoofing configuration, you
would be advised to use the DM Two Network Interface to create such a config. So
first you need to modify the config file. There are a lot of options in there...
but you only need to know a few things. If you know what your default gateway
is, you should modify the line that says "default_gw_ip." Most importantly you
will see a list of dial-up accounts. The number that precedes everything else is
the account number and the order in which the account will be tested. Thus
"1number2" corresponds to the first account. Ignore the number at the end. Thus
"2number2" corresponds with the second. For each account you must specify phone
number, username, and password. For the phone number, always add "*67," before
the number to block caller ID. If you want to temporarily remove an account from
the middle of an account list, simply add a random character or anything before
either the variable "number," "user," and "pw." That will effectively cause the
script to skip over using the entire account. As it is now, you can have up to 9
accounts configured. To run the script, type the following: "perl
keepconnect -fdk netspoof" --- netspoof is the config file. The "-f" is
required. The "d" runs the script in daemon mode. When you are first
experimenting, you may want to exclude that option. The "k" kills copies of the
script running this config file that may be running in the background. If you
are running in daemon mode, you can monitor the output of the script by typing
"tail -f /tmp/keepconnect.netspoof."

Configuring the Scanner: Modify dr4.conf. The important lines to change are
"scan_file" and "port." The format of the scan_file can be seen by looking at
any of the range-xxxx files. Multiple ports can be specified by separating them
by colons like this: port = 25:80:1080

Running the Program: You can run the program by typing "perl dr_server
dr4.conf" -- to exit press CTRL+C. The script will automatically pick up where
you left off last time unless you delete the "progress" file.

Monitoring Bandwidth: You can monitor the amount of bandwidth being used by the
system by typing "perl bw" and then "tail -f bw_all" --- this will show you the
bandwidth usage averaged over 30 second intervals. The bw script will run in the
background continuously. When you first start it, you will need to give it a
minute to gather data. This is good for determining how many threads to run.
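The relay attempt mentioned at the top of the post is the kind of thing that shows up in the mail log as a run of "Relaying denied" rejections from one source address. The script below is an added example for this post, not code from the list member or from the tool quoted above: it parses sendmail-style log lines, counts rejected relay attempts per source IP, and flags any source that crosses a threshold. The log lines are constructed to resemble sendmail's check_rcpt rejections; the IP 138.121.23.4 is the one named in the post, while the hostnames, queue IDs and recipients are made up.

```python
"""Count rejected SMTP relay attempts per source IP in sendmail-style logs.

Added example for this list post; not part of the original message and not
part of the Domain Refinery tool it quotes. The sample log is constructed:
138.121.23.4 is the IP from the post, everything else is invented.
"""
import re
from collections import Counter

# Constructed sample: three rejects from the IP in the post, one from another
# host, plus a normal local delivery that must not be counted.
SAMPLE_LOG = """\
Oct 25 19:41:17 raq sendmail[2101]: g9PNfHa02101: ruleset=check_rcpt, arg1=<victim1@example.net>, relay=[138.121.23.4], reject=550 5.7.1 <victim1@example.net>... Relaying denied
Oct 25 19:41:18 raq sendmail[2101]: g9PNfHa02101: ruleset=check_rcpt, arg1=<victim2@example.net>, relay=[138.121.23.4], reject=550 5.7.1 <victim2@example.net>... Relaying denied
Oct 25 19:41:19 raq sendmail[2103]: g9PNfJa02103: ruleset=check_rcpt, arg1=<victim3@example.org>, relay=[138.121.23.4], reject=550 5.7.1 <victim3@example.org>... Relaying denied
Oct 25 19:42:05 raq sendmail[2110]: g9PNg5a02110: ruleset=check_rcpt, arg1=<someone@example.com>, relay=mail.example.com [192.0.2.10], reject=550 5.7.1 <someone@example.com>... Relaying denied
Oct 25 19:43:00 raq sendmail[2115]: g9PNh0a02115: from=<alice@example.com>, size=512, class=0, nrcpts=1, relay=alice@localhost
Oct 25 19:43:01 raq sendmail[2116]: g9PNh1a02115: to=<bob@example.com>, delay=00:00:01, mailer=local, stat=Sent
"""

# The relay= field carries an optional resolved hostname followed by the
# bracketed peer IP; only lines that end in a "Relaying denied" reject count.
RELAY_DENIED = re.compile(
    r"relay=(?:[\w.-]+ )?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\].*Relaying denied"
)


def count_relay_attempts(log_text):
    """Return a Counter mapping source IP -> number of rejected relay attempts."""
    counts = Counter()
    for line in log_text.splitlines():
        m = RELAY_DENIED.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def flag_sources(counts, threshold=3):
    """Return IPs with at least `threshold` rejected attempts, busiest first."""
    return sorted(
        (ip for ip, n in counts.items() if n >= threshold),
        key=lambda ip: (-counts[ip], ip),
    )


if __name__ == "__main__":
    counts = count_relay_attempts(SAMPLE_LOG)
    for ip, n in counts.most_common():
        print(f"{ip:16} {n} rejected relay attempts")
    print("flagged:", flag_sources(counts))
```

Run against a real maillog by reading the file into `count_relay_attempts` instead of `SAMPLE_LOG`; the threshold is deliberately low because a legitimate peer almost never produces repeated relay rejections, so even a handful from one address is worth a look.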