|
| How can I get headers from a trapped message. |
 |
Wed, 02 Jan 2008 08:50:26 -050 |
One of my IPs is blocked and hitting a trap several
times a day. I need a set of headers to track down the
source, as the IP is NATed to the whole office.
|
|
| Re: How can I get headers from a trapped message. |
 |
Wed, 02 Jan 2008 15:13:41 -050 |
Reynolds McClatchey wrote:
> One of my IPs is blocked and hitting a trap several
> times a day. I need a set of headers to track down the
> source, as the IP is NATed to the whole office.
>
> I am getting summary reports; but no details (headers).
Write to deputies@admin.spamcop.net and include your IP in the subject
line. We will provide some limited information on what we are seeing and
the reason for the listing.
Ellen
|
|
| Re: How can I get headers from a trapped message. |
 |
Mon, 7 Jan 2008 13:40:03 -0800 |
Reynolds McClatchey wrote:
> I tracked the spam to a Compaq T5720 thin client device.
> It has no hard drive and runs on "Embedded XP".
> I thought these thin clients were immune to hacking.
> The IPs were firewall blocked, but it was powered
> down long enough to lose its DHCP lease
> and it powered up unblocked. It runs as a non-privileged user.
>
> I guess some well known MS vulnerability was exploited via IS.
> Since the OS runs from NVRAM no MS updates are applied.
>
> I will have to flash the NVRAM to kill the exploit; maybe
> there is an updated Win XP available from Compaq for
> the T5720.
>
> In the future I will set up permanent DHCP leases for
> these thin client devices.
HP has a .pdf on tightening the lockdown on its thin clients
http://h10032.www1.hp.com/ctg/Manual/c00595181.pdf Thin Client Virus
Vulnerability Analysis
There are some other .pdf/s on this page
http://h10025.www1.hp.com/ewfrf/wc/manualCategory?dlc=en&lc=en&product=439746&cc=us&
HP Compaq t5710 Thin Client: Manuals
Even tho' that sez 't5710' it is actually a t57x0 page.
--
Mike Easter
kibitzer, not SC admin
|
|
| Re: How can I get headers from a trapped message. |
 |
Mon, 07 Jan 2008 14:07:06 -050 |
Reynolds McClatchey wrote:
> One of my IPs is blocked and hitting a trap several
> times a day. I need a set of headers to track down the
> source, as the IP is NATed to the whole office.
>
> I am getting summary reports; but no details (headers).
I tracked the spam to a Compaq T5720 thin client device.
It has no hard drive and runs on "Embedded XP".
I thought these thin clients were immune to hacking.
The IPs were firewall blocked, but it was powered
down long enough to lose its DHCP lease
and it powered up unblocked. It runs as a non-privileged user.
I guess some well known MS vulnerability was exploited via IS.
Since the OS runs from NVRAM no MS updates are applied.
I will have to flash the NVRAM to kill the exploit; maybe
there is an updated Win XP available from Compaq for
the T5720.
In the future I will set up permanent DHCP leases for
these thin client devices.
|