[nsp-sec] ssh attacker from AS32054 - UnderNet help? - FOLLOW-UP
Steven Orchard
sorch at internap.com
Fri Oct 10 16:15:29 EDT 2008
Ack for Internap. We will follow up with our downstream.
thanks.
steve
On Fri, 10 Oct 2008, Daniel Adinolfi wrote:
: Date: Fri, 10 Oct 2008 15:45:18 -0400
: Sender: nsp-security-bounces at puck.nether.net
: From: Daniel Adinolfi <dra1 at postoffice9.mail.cornell.edu>
: To: nsp-security NSP <nsp-security at puck.nether.net>
: X-mailer: Apple Mail (2.929.2)
: Subject: [nsp-sec] ssh attacker from AS32054 - UnderNet help? - FOLLOW-UP
:
: ----------- nsp-security Confidential --------
:
: Folks,
:
: To follow up on my recent email regarding our compromises, the host was
: compromised via ssh from 216.223.9.11. This attack came in at around 0430 EDT
: 10/10/2008.
:
: AS | IP | AS Name
: 32054 | 216.223.9.11 | RADVISIONINC - RADVISION INC
: [namshub:~] dra1% asn-upstream 216.223.9.11
: PEER_AS | IP | AS Name
: 10910 | 216.223.9.11 | INTERNAP-BLK - Internap Network Services
: Corporation
:
: Can someone get this host beat up...er, looked at?
:
: Additionally, the compromised hosts were connecting to the undernet IRC
: network.
:
: 193.109.122.67:6667
: PING :Ede.NL.EU.UnderNet.Org..:Ufilici!~Richard at Fantazie.users.undernet.org
: MODE
: PONG :Ede.NL.EU.UnderNet.Org.MODE #diamon..NICK Richard.NOTICE Ufilici :Lists
: sa
:
: Thanks.
:
: -Dan
:
:
: _______________________________________________
: nsp-security mailing list
: nsp-security at puck.nether.net
: https://puck.nether.net/mailman/listinfo/nsp-security
:
: Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
: community. Confidentiality is essential for effective Internet security
: counter-measures.
: _______________________________________________
More information about the nsp-security
mailing list