[nsp-sec] popped routers? via irc-security list
Rob Thomas
robt at cymru.com
Thu Mar 12 18:11:52 EDT 2009
Hey, Jose.
> 7738 | 200.216.245.194 | Telecomunicacoes da Bahia S.A.
This also appears to be a router, though it appears the criminal who
0wn3d it set up some ACLs to prevent proxy blockers from probing it too
closely. Looks like it's been 0wn3d since circa 2009-01-14 22:24:48 UTC.
> 5718 | 216.20.75.36 | MECNET - Merrimack Education Center
This one looks like a router to us as well, and it's been abused for a
while, sadly.
      timestamp      |      ip      | asn  | category | comment
---------------------+--------------+------+----------+---------
 2009-01-14 22:26:06 | 216.20.75.36 | 5718 | proxies  | cisco
> 7738 | 200.217.194.70 | Telecomunicacoes da Bahia S.A.
Nothing on this one.
> 36222 | 69.1.111.42 | WINDWAVE-COMMUNICATIONS - WindWave
> Communications
Yep, a Cisco.
      timestamp      |     ip      |  asn  | category | comment
---------------------+-------------+-------+----------+---------
 2009-01-14 22:18:16 | 69.1.111.42 | 36222 | proxies  | cisco
Thanks,
Rob.
--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");