[nsp-sec] Ping: Google/GMail
John Fraizer
john at op-sec.us
Thu Feb 28 23:45:56 EST 2008
Seth and Krista,
Can I share this information internally here with the restriction of it not leaving the company? I'll redact your names/companies and any identifying information of course.
Seth Hall wrote:
>
> On Feb 28, 2008, at 4:54 PM, John Fraizer wrote:
>
>> Looks like 81.199.0.0/16 is eat up, huh?
>> Seth, are you seeing similar?
>
> Yep.
>
> After checking activity against our webmail server with the ASNs Krista
> mentioned, I found a compromised account here that had been logged into
> from the following addresses today; it matches what you were seeing on
> 81.199.0.0/16 too.
>
> 3352 | 80.30.243.77 | TELEFONICA-DATA-ESPANA Internet Access Network of TDE
> 12491 | 81.199.43.174 | IPPLANET-AS IPPlanet
> 12491 | 81.199.48.147 | IPPLANET-AS IPPlanet
> 12491 | 81.199.172.188 | IPPLANET-AS IPPlanet
> 22351 | 80.255.59.243 | INTELSAT Intelsat Global BGP Routing Policy
>
> Thanks for the naughty webmailers AS list Krista!
>
> .Seth
>
> ---
> Seth Hall
> Network Security - Office of the CIO
> The Ohio State University
> Phone: 614-292-9721
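Added example, not part of the original messages: a sketch of the check described in the quoted reply, matching successful webmail logins against a watch list of origin ASNs and flagging accounts seen from several of them. The log format, the user names, the prefix table and the min_asns threshold are assumptions made for illustration; only the ASNs and addresses come from the thread.

```python
import ipaddress
from collections import defaultdict

# ASNs taken from the table in the quoted message.
WATCHED_ASNS = {3352, 12491, 22351}

# Prefix -> origin ASN. Assumption: a real deployment loads this from a BGP
# table dump or an IP-to-ASN service. The /16 is treated as AS12491 because
# every 81.199.x.x row in the message maps there; the /32s are the other rows.
PREFIX_TO_ASN = {
    ipaddress.ip_network("81.199.0.0/16"): 12491,
    ipaddress.ip_network("80.30.243.77/32"): 3352,
    ipaddress.ip_network("80.255.59.243/32"): 22351,
}

def origin_asn(ip):
    """Longest-prefix match of ip against PREFIX_TO_ASN; None if unknown."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, asn) for net, asn in PREFIX_TO_ASN.items() if addr in net]
    return max(hits)[1] if hits else None

def flag_accounts(log_lines, min_asns=2):
    """Return {user: sorted watched ASNs} for users with successful logins
    from at least min_asns distinct watched ASNs."""
    seen = defaultdict(set)
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4 or fields[3] != "OK":
            continue  # skip malformed lines and failed logins
        _, user, ip, _ = fields
        try:
            asn = origin_asn(ip)
        except ValueError:
            continue  # unparsable source address
        if asn in WATCHED_ASNS:
            seen[user].add(asn)
    return {u: sorted(a) for u, a in seen.items() if len(a) >= min_asns}

# Constructed sample log (hypothetical format: timestamp user source-ip result).
SAMPLE_LOG = """\
2008-02-28T09:12:03 alice 192.0.2.10 OK
2008-02-28T10:01:44 bob 80.30.243.77 OK
2008-02-28T10:40:19 bob 81.199.43.174 OK
2008-02-28T11:05:52 bob 80.255.59.243 OK
2008-02-28T11:30:00 carol 81.199.48.147 FAIL
2008-02-28T12:15:27 dave 81.199.172.188 OK
""".splitlines()

if __name__ == "__main__":
    for user, asns in flag_accounts(SAMPLE_LOG).items():
        print(user, asns)
```

Requiring two or more distinct watched ASNs keeps a single login from one of these providers from flagging a legitimate customer; min_asns=1 lists every account with any successful login from the watch list.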