[nsp-sec] 598 Compromised hosts
Nicholas Ianelli
ni at cert.org
Tue Jul 1 17:06:00 EDT 2008
| :i use stacheldraht.
| :mostly out of Solaris boxes
| :shcrew kit and t0rnkit coded by me.
|
|> shv5 and others in the family included synscan.
|> Tornkit2 shared elements from ramen which used synscan.
|> I was told that some versions of torn used synscan but I never saw one:(
|
|> Does he use psych0id, mixer, or pint as aliases?
I've only seen the following:
KH4ALED
Danny-Boy
brzi
SDK

I highly doubt he's the author of any of those. I'd chalk it up to
talking trash. Though he may have made "custom" mods (take that for
whatever it's worth).

What I'd like to know is the OSes of the compromised hosts; if they are
Solaris boxes, he may have some power. I've sent emails to a few South
American contacts (thanks Guilherme), and I'm hoping for some data points.

Any ideas on the three below?
| |
| | The ASN - IP mapping can be found here:
| |
| | https://asn.cymru.com/nsp-sec/upload/1214882891.whois.txt
| |
| | 209 | 63.229.83.8 | ASN-QWEST - Qwest
| | 209 | 70.56.99.180 | ASN-QWEST - Qwest
| | 209 | 71.34.70.112 | ASN-QWEST - Qwest
Nick