[Scottish] The yellow peril?

Daniel J. Owens scottish at mailman.lug.org.uk
Thu Jul 24 15:07:01 2003


Hi,

I have heard rumours that this works...

First send the sys-admin of the system concerned a nice message politely
asking him (there are few Chinese "her" sys-admins) to do something about
the problem. If this is ignored, send the sys-admin a nice message thanking
him for all of his support and donations to the Falun Gong (political
movement outlawed in mainland China). If you know anyone who can write
this for you in Mandarin it might grab more attention.
When he contacts you asking why you are trying to get him killed, you can
explain...

good luck!
Danny

----- Original Message ----- 
From: "Colin Fraser" <cfraser@nairnfusion.co.uk>
To: <Scottish@mailman.lug.org.uk>
Sent: Thursday, July 24, 2003 1:46 PM
Subject: [Scottish] The yellow peril?


> Hi,
>
> Just found the following in /var/log/messages:
>
> Jul 24 13:23:44 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC=
> SRC=62.134.72.190 DST=213.122.60.116 LEN=288 TOS=0x00 PREC=0x00 TTL=114
> ID=28413 PROTO=UDP SPT=4288 DPT=135 LEN=268
> Jul 24 13:23:45 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC=
> SRC=62.134.72.190 DST=213.122.60.116 LEN=108 TOS=0x00 PREC=0x00 TTL=114
> ID=28699 PROTO=UDP SPT=4288 DPT=135 LEN=88
> Jul 24 13:23:46 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC=
> SRC=62.134.72.190 DST=213.122.60.116 LEN=108 TOS=0x00 PREC=0x00 TTL=114
> ID=29034 PROTO=UDP SPT=4288 DPT=135 LEN=88
> Jul 24 13:23:48 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC=
> SRC=62.134.72.190 DST=213.122.60.116 LEN=108 TOS=0x00 PREC=0x00 TTL=114
> ID=29679 PROTO=UDP SPT=4288 DPT=135 LEN=88
> Jul 24 13:23:52 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC=
> SRC=62.134.72.190 DST=213.122.60.116 LEN=108 TOS=0x00 PREC=0x00 TTL=114
> ID=31031 PROTO=UDP SPT=4288 DPT=135 LEN=88
> Jul 24 13:24:00 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC=
> SRC=62.134.72.190 DST=213.122.60.116 LEN=108 TOS=0x00 PREC=0x00 TTL=114
> ID=33632 PROTO=UDP SPT=4288 DPT=135 LEN=88
> Jul 24 13:24:16 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC=
> SRC=62.134.72.190 DST=213.122.60.116 LEN=116 TOS=0x00 PREC=0x00 TTL=114
> ID=38734 PROTO=UDP SPT=4288 DPT=135 LEN=96
>
> A whois shows that the source IP is registered to someone in the People's
> Republic of China. Before I go off half-cocked on this one, has anyone any
> idea what it might be about? I've done a google and spotted a virus alert
> about HLLP.4288 but can't find a description, other than that it affects
> .COM and .EXE (another good reason for avoiding microdog!).
>
> Of course, our friend in China might be a victim (if he's got the virus
> and it's trying to contact other instances through the net).
>
> Anyone got any idea of what's going on or suggestions on my next step?
>
> Cheers,
>
> Colin
>
> _______________________________________________
> Scottish mailing list
> Scottish@mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/scottish


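The firewall entries quoted in the message above can be summarised mechanically before deciding on a next step. The following is an added example, not part of the original thread: it parses the entries, groups drops by source, protocol and destination port, and reports the gaps between packets. The function names and the year 2003 (taken from the mail's date, since syslog stamps carry no year) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# The seven entries quoted in the post, rejoined onto one line each.
PFX = ("elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC= "
       "SRC=62.134.72.190 DST=213.122.60.116")
TAIL = "TOS=0x00 PREC=0x00 TTL=114"
SAMPLE = [
    f"Jul 24 13:23:44 {PFX} LEN=288 {TAIL} ID=28413 PROTO=UDP SPT=4288 DPT=135 LEN=268",
    f"Jul 24 13:23:45 {PFX} LEN=108 {TAIL} ID=28699 PROTO=UDP SPT=4288 DPT=135 LEN=88",
    f"Jul 24 13:23:46 {PFX} LEN=108 {TAIL} ID=29034 PROTO=UDP SPT=4288 DPT=135 LEN=88",
    f"Jul 24 13:23:48 {PFX} LEN=108 {TAIL} ID=29679 PROTO=UDP SPT=4288 DPT=135 LEN=88",
    f"Jul 24 13:23:52 {PFX} LEN=108 {TAIL} ID=31031 PROTO=UDP SPT=4288 DPT=135 LEN=88",
    f"Jul 24 13:24:00 {PFX} LEN=108 {TAIL} ID=33632 PROTO=UDP SPT=4288 DPT=135 LEN=88",
    f"Jul 24 13:24:16 {PFX} LEN=116 {TAIL} ID=38734 PROTO=UDP SPT=4288 DPT=135 LEN=96",
]
LINE_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ kernel: \S+ (.*)$")

def parse(line, year=2003):
    """Split one firewall log line into fields; None if it does not match.
    The year is an assumption: syslog timestamps do not carry one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"time": datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")}
    for tok in m.group(2).split():
        key, _, val = tok.partition("=")
        # LEN appears twice: IP total length first, then the UDP length.
        rec["UDPLEN" if key == "LEN" and "LEN" in rec else key] = val
    return rec

def summarize(lines):
    """Group drops by (source, protocol, destination port) and time them.
    'doubling' is True when each gap equals or doubles the previous one."""
    flows = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        if {"SRC", "PROTO", "DPT"} <= rec.keys():
            flows[rec["SRC"], rec["PROTO"], int(rec["DPT"])].append(rec)
    report = {}
    for key, recs in flows.items():
        times = sorted(r["time"] for r in recs)
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        report[key] = {
            "packets": len(recs),
            "src_ports": sorted({int(r["SPT"]) for r in recs if "SPT" in r}),
            "gaps": gaps,
            "doubling": len(gaps) >= 3 and gaps[-1] > gaps[0] and all(
                b in (a, 2 * a) for a, b in zip(gaps, gaps[1:])),
        }
    return report
```

Run over the quoted entries, `summarize(SAMPLE)` reports seven packets from a single source port, arriving at gaps of 1, 1, 2, 4, 8 and 16 seconds.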