[nsp-sec] ftp credentials 20090629
Hank Nussbacher
hank at efes.iucc.ac.il
Tue Jun 30 01:16:21 EDT 2009
> Hi,
>
> please find attached another list of stolen ftp credentials found
> on a crime server. Please excuse the usual false positives (anon
> ftp accounts et al).
>
> kind regards, Dirk Stander (1&1) :.
>
> Format:
> <ASN> | <IP> | <CC> | <FTP user name> | <AS name>
Team Cymru,
While proxying to AS1680, 5486, 8551, 8584 and 9116, I spotted the
following entry:
5486 | 192.117.163.3 | EU | rus102 | SMILE-ASN Euronet Digital
Communications, (1992) LTD, Israel
Assuming Dirk did this with the Team Cymru batch lookup, there would
appear to be a bug there since:
inetnum: 192.117.128.0 - 192.117.191.255
org: ORG-GLIC1-RIPE
admin-c: DR5299-RIPE
netname: IL-GOLDENLINES-19970928
descr: 012 Smile Communications LTD.
country: IL
tech-c: DR5299-RIPE
tech-c: DR5299-RIPE
status: ALLOCATED PA
remarks: For abuse and security issues please contact
abuse at zahav.net.il
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: AS9116-MNT
mnt-routes: AS9116-MNT
clearly shows country=IL.
-Hank
More information about the nsp-security
mailing list