test
Tracking #: 6B98FA6BC528B541A542693E65D5A5568447ED4D
[Non-text portions of this message have been removed]
Tracking #: 6B98FA6BC528B541A542693E65D5A5568447ED4D
[Non-text portions of this message have been removed]
> The only way I can verify my MX record IP address is inside my
> firewall's settings or by calling my ISP.
>
> Just in case someone checks and sees a 192.168 (or similar
> non-routable range) and thinks they are in the clear.
>
> -Todd C.
>
>
> The only way I can verify my MX record IP address is inside myUseful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
> firewall's settings or by calling my ISP.
>
> Just in case someone checks and sees a 192.168 (or similar
> non-routable range) and thinks they are in the clear.
>
> -Todd C.
>
>
> The only way I can verify my MX record IP address is inside myUseful links for the Yahoo!Groups Vantage Board are: ( Note: You must have
> firewall's settings or by calling my ISP.
>
> Just in case someone checks and sees a 192.168 (or similar
> non-routable range) and thinks they are in the clear.
>
> -Todd C.
>
>
----- Original Message -----
From: "Michael Barry" <mbarry@...>
To: <vantage@yahoogroups.com>
Sent: Saturday, December 11, 2004 12:33 PM
Subject: RE: [Vantage] You might have a virus, check your IP address
24.46.0.217
>
> "No one program protects completely, you have to layer your Defenses"
>
> Admittedly, this won't help you with spam but here is a quote from the US
> Army worth considering...
>
> "Process Authentication is a resource efficient, Host Intrusion Prevention
> product, that integrates with the Operating System and runs at the system
> level. It runs several low-level system services that intercept system
calls
> to the Windows kernel and monitors for new executable code requesting
> processor time. When a system call requests processor time for executable
> code, it verifies whether the executable is in the authentication
database.
> If so, it verifies by path, file size, and file name. If the executable is
> not in the database, the call is denied and never reaches the Kernel. This
> all takes place within milliseconds making it unnoticeable to the user.
>
> Running at the system level and intercepting system calls to the Windows
> Kernel for the purpose of authenticating executable code ensures that
> nothing can bypass the Operating System or Process Authentication and
> execute. Even if an administrator tries to execute something that has not
> been authenticated, it will not run. Even if "user policies" are hacked,
> Process Authentication will continue protection. This is the only tool
> available to provide a static controllable environment while at the same
> time giving a very clear picture of what is running within the network.
>
> When Process Authentication is first installed, it scans each machines'
hard
> drives for every type of executable and places them into a local
> authentication database. After installation, authentication of new
> executables and software packages are performed using simple wizards. The
> Server is used to centrally manage the client machines for authentication
of
> updates, patches, and new software rollouts. If the Server should go down,
> each PC will still be able to function. Authentication of new executables
> can be performed at each local PC or centrally from the Server.
>
> If an executable is not in the authentication database or if any
attributes
> change, it will not run. Various forms of executables such as Viruses,
> Trojans, Worms, and valid software can be placed on a computers hard
drive;
> however, the code will never execute or harm the computer. Process
> Authentication can prevent all types of code from running including known
> and unknown threats that Anti-Virus software would miss or not know of
yet.
> Process Authentication also protects against programs that Windows
policies
> cannot enforce, such as programs that do not affect the registry.
>
> Process Authentication is another layer of security when compared to
> Anti-Virus software, firewalls, or Intrusion Detection systems. It does
not
> use signatures or patterns to detect malicious code; therefore, it cannot
> inform the user whether the unauthorized code is malicious or friendly. It
> can only verify if the program is allowed to execute and enforce denial of
> execution with the highest power of the Windows Operating System."
>
> Ok, its a bit wordy but I'm sure you will get the point. 0 viruses, 0
worms,
> 0 spyware, 0 adware, 0 games, 0 streaming crap...etc.
>
> Michael
>
> Michael Barry
> Aspacia Systems Inc
> 866.566.9600
> 312.803.0730 fax
> http://www.aspacia.com/
>
> -----Original Message-----
> From: Shirley Graver [mailto:shirleyg@...]
> Sent: Friday, December 10, 2004 7:36 AM
> To: vantage@yahoogroups.com
> Subject: RE: [Vantage] You might have a virus, check your IP address
> 24.46.0.217
>
>
> Visual Route, traces the IP to the South Western Ohio area (Cincinnati).
I
> posted a message on a similar topic earlier this week and didn't get a
> response.
>
> No one program protects completely, you have to layer your
> Defenses Start out with a good hardware firewall, then whatever email
> Server you are using also has email scanning and have it scan all traffic.
> Then a good server antivirus that scans file traffic (Trend is good, so is
> Panda),This is just on the server side. As you move to the workstations
> that connect to the internet I use, in combination, (The Cleaner, Peer
> Guardian, Pest Patrol, and workstation versions of Trend or Panda). On
top
> of all this you have to constantly monitor user traffic and remind users
> over and over and over "DON'T CLICK ON EMAILS". I also collect all the
spam
> and adjust mail filters daily. I have a list of about 10,000 spam domains
> block, a cross reference list of countries and IP address blocks Peer
> Guardian gives you about 94,000,000 blocked IP addresses. I block whole
> countries if the roar of spam and infected emails gets too loud from a
given
> nation. All of this is no guarantee of security, it's getting bad out
> there people. I'm blocking about 300 infected emails a week. For the
last
> six months we have been pounded unbelievably with port attacks and
infected
> emails. I am spending at least 12 hours a week on network security.
>
> Quick group survey:
> How many Virus infected emails do you intercept in a week?
> Have you had any non email attacks in recent weeks?
> How many hours a week do you/your company spend on security?
>
> If we get enough replies to this I'll compile it into a report that the
> group can use to sell their management on security improvements.
>
> Shirley
> _____
>
> From: Aaron Hoyt [mailto:aaron.hoyt@...]
> Sent: Friday, December 10, 2004 9:55 AM
> To: vantage@yahoogroups.com
> Subject: RE: [Vantage] You might have a virus, check your IP address
> 24.46.0.217
>
>
> I could add bunches of clues to this. I have been getting this for a
couple
> of weeks.
> All trace to the same IP. I have been directly deleting them using Norton
> for the last several days (got sick of reading the messages with the
> attachment removed by Norton.
> If I am not mistaken this is the mail server of someone that is infected.
> Shame on me, but I scanned the ports on the server (in an attempt to
> identify anything about the offending machine) about a week ago and only
> found 25 and 110 open indicating a likely mail server.
>
> A simple test for anyone on the list would be to look at the account
> settings in your mail for the mail server. Then from a dos prompt
enter...
> ping (input your mail server name here). It will return the IP address of
> your mail server and if it matches, make sure your computer and network
are
> scanned.
>
> Aaron Hoyt
> Vantage Plastics
>
> -----Original Message-----
> From: Todd Caughey [mailto:caugheyt@...]
> Sent: Friday, December 10, 2004 9:26 AM
> To: vantage@yahoogroups.com
> Subject: RE: [Vantage] You might have a virus, check your IP address
> 24.46.0.217
>
>
>
> Interesting too in that over the past two days I've had bounceback
messages
> from an email outfit called manchester.com with many (hundreds) of
> names@... which that server seems to think I sent infected
> content too. Many of the names are Vantage group members and at least one
> was epicor@ .
>
> A typical message is:
> fn04@... on 12/10/2004 7:50 AM
> You do not have permission to send to this recipient. For assistance,
> contact your system administrator.
> < bump.manchester.com #5.7.1 smtp; 550 5.7.1 Message content rejected,
> id=31032-10 - BANNED: .exe>
>
> Of course the true originating sender (or the virus rather) spoofed the
> sender part and used my address - one reason sending the supposed sender a
> rejection message is not worth doing.
>
> But I was wondering if this manchester.com part is an additional clue for
a
> possible group member who has an infected PC. Perhaps someone in the
group
> has a personal email account with them that is in the same address book as
> Vantage group names.
>
> -Todd C.
>
> -----Original Message-----
> From: Paul Siebers [mailto:paul.siebers@...]
> Sent: Friday, December 10, 2004 8:00 AM
> To: vantage@yahoogroups.com
> Subject: [Vantage] You might have a virus, check your IP address
24.46.0.217
>
>
> All,
>
> I am getting some viruses attached to e-mails masquerading to be from
> Epicor. I suspect they are from someone in this group. I did a trace
> and came up with the sender's IP address: 24.46.0.217
>
> The block is owned by Optimum Online (Cablevision Systems) If this is
> your ISP, check your IP address, if it's anywhere close to the one above
> you might want to do a virus scan.
>
>
> HTH,
>
> Paul
>
>
> Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must
have
> already linked your email address to a yahoo id to enable access. )
> (1) To access the Files Section of our Yahoo!Group for Report Builder and
> Crystal Reports and other 'goodies', please goto:
> http://groups.yahoo.com/group/vantage/files/.
> <http://groups.yahoo.com/group/vantage/files/>
> (2) To search through old msg's goto:
> http://groups.yahoo.com/group/vantage/messages
> (3) To view links to Vendors that provide Vantage services goto:
> http://groups.yahoo.com/group/vantage/links
>
>
>
> Yahoo! Groups Sponsor
>
> ADVERTISEMENT
>
<http://us.ard.yahoo.com/SIG=129vpg311/M=295196.4901138.6071305.3001176/D=g
>
roups/S=1705007183:HM/EXP=1102773499/A=2128215/R=0/SIG=10se96mf6/*http://com
> panion.yahoo.com> click here
>
<http://us.adserver.yahoo.com/l?M=295196.4901138.6071305.3001176/D=groups/
> S=:HM/A=2128215/rand=596164070>
>
>
> _____
>
> Yahoo! Groups Links
>
>
> * To visit your group on the web, go to:
> http://groups.yahoo.com/group/vantage/
>
>
> * To unsubscribe from this group, send an email to:
> vantage-unsubscribe@yahoogroups.com
> <mailto:vantage-unsubscribe@yahoogroups.com?subject=Unsubscribe>
>
>
> * Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
> <http://docs.yahoo.com/info/terms/> .
>
>
>
>
> [Non-text portions of this message have been removed]
>
>
>
>
> Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must
have
> already linked your email address to a yahoo id to enable access. )
> (1) To access the Files Section of our Yahoo!Group for Report Builder and
> Crystal Reports and other 'goodies', please goto:
> http://groups.yahoo.com/group/vantage/files/.
> <http://groups.yahoo.com/group/vantage/files/>
> (2) To search through old msg's goto:
> http://groups.yahoo.com/group/vantage/messages
> (3) To view links to Vendors that provide Vantage services goto:
> http://groups.yahoo.com/group/vantage/links
> Yahoo! Groups Links
>
>
>
>
>
>
>
>
>
>
>
> Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must
have
> already linked your email address to a yahoo id to enable access. )
> (1) To access the Files Section of our Yahoo!Group for Report Builder and
> Crystal Reports and other 'goodies', please goto:
> http://groups.yahoo.com/group/vantage/files/.
> <http://groups.yahoo.com/group/vantage/files/>
> (2) To search through old msg's goto:
> http://groups.yahoo.com/group/vantage/messages
> (3) To view links to Vendors that provide Vantage services goto:
> http://groups.yahoo.com/group/vantage/links
>
>
>
>
>
> Yahoo! Groups Sponsor
>
>
> ADVERTISEMENT
>
>
<http://us.ard.yahoo.com/SIG=129j9po9a/M=295196.4901138.6071305.3001176/D=gr
>
oups/S=1705007183:HM/EXP=1102776837/A=2128215/R=0/SIG=10se96mf6/*http:/compa
> nion.yahoo.com> click here
>
>
>
<http://us.adserver.yahoo.com/l?M=295196.4901138.6071305.3001176/D=groups/S=
> :HM/A=2128215/rand=868530529>
>
> _____
>
> Yahoo! Groups Links
> * To visit your group on the web, go to:
> http://groups.yahoo.com/group/vantage/
>
> * To unsubscribe from this group, send an email to:
> vantage-unsubscribe@yahoogroups.com
> <mailto:vantage-unsubscribe@yahoogroups.com?subject=Unsubscribe>
>
> * Your use of Yahoo! Groups is subject to the Yahoo! Terms of
Service
> <http://docs.yahoo.com/info/terms/> .
>
> Tracking #: 0238C6FD0E94FB44A66EE716AB7A2BA9B470842D
>
>
> [Non-text portions of this message have been removed]
>
>
>
>
> Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must
have
> already linked your email address to a yahoo id to enable access. )
> (1) To access the Files Section of our Yahoo!Group for Report Builder and
> Crystal Reports and other 'goodies', please goto:
> http://groups.yahoo.com/group/vantage/files/.
> (2) To search through old msg's goto:
> http://groups.yahoo.com/group/vantage/messages
> (3) To view links to Vendors that provide Vantage services goto:
> http://groups.yahoo.com/group/vantage/links
> Yahoo! Groups Links
>
>
>
>
>
>
>
>
>
>
>
>
>
> Useful links for the Yahoo!Groups Vantage Board are: ( Note: You must
have already linked your email address to a yahoo id to enable access. )
> (1) To access the Files Section of our Yahoo!Group for Report Builder and
Crystal Reports and other 'goodies', please goto:
http://groups.yahoo.com/group/vantage/files/.
> (2) To search through old msg's goto:
http://groups.yahoo.com/group/vantage/messages
> (3) To view links to Vendors that provide Vantage services goto:
http://groups.yahoo.com/group/vantage/links
> Yahoo! Groups Links
>
>
>
>
>
>
>
>
>