[nsp-sec] ssh attacker from AS32054 - UnderNet help? - FOLLOW-UP
Daniel Adinolfi
dra1 at postoffice9.mail.cornell.edu
Fri Oct 10 15:45:18 EDT 2008
Folks,
To follow up on my recent email regarding our compromises, the host
was compromised via ssh from 216.223.9.11. This attack came in at
around 0430 EDT 10/10/2008.
AS | IP | AS Name
32054 | 216.223.9.11 | RADVISIONINC - RADVISION INC
[namshub:~] dra1% asn-upstream 216.223.9.11
PEER_AS | IP | AS Name
10910 | 216.223.9.11 | INTERNAP-BLK - Internap Network Services
Corporation
Can someone get this host beat up...er, looked at?
Additionally, the compromised hosts were connecting to the undernet
IRC network.
193.109.122.67:6667
PING :Ede.NL.EU.UnderNet.Org..:Ufilici!~Richard at Fantazie.users.undernet.org
MODE
PONG :Ede.NL.EU.UnderNet.Org.MODE #diamon..NICK Richard.NOTICE
Ufilici :Lists sa
Thanks.
-Dan
More information about the nsp-security
mailing list