[nsp-sec] ACK for .cat TLD and several ES ASNs - Re: Stolen FTP credentials
Carles Fragoso
cfragoso at cesicat.cat
Wed Apr 20 05:19:23 EDT 2011
Thomas,
We have already taken care of the credentials related to the .CAT TLD as they are within our constituency ...
> 766 | 193.144.12.25 | ES | webquest.udl.cat | sanuy | s4****** | REDIRIS RedIRIS Autonomous System
> 43988 | 94.127.190.29 | ES | ftp.relojes.cat | rellotges | 42****** | ABSERVER-AS Access Basic Server S.L.
> 43988 | 94.127.190.29 | ES | www.oliolivaartesa.cat | oli | 42****** | ABSERVER-AS Access Basic Server S.L.
... but we have also proxified those to trusted peers at ES (Spanish) autonomous systems. See (*) for those already contacted.
114 16371 | ACENS_AS acens technologies (*)
46 43988 | ABSERVER-AS Access Basic Server S.L. (*)
28 3352 | TELEFONICA-DATA-ESPANA Internet Access Network of TDE (*)
22 20718 | AS_ARSYS-EURO-1 arsys.es (*)
11 50926 | INFORTELECOM-AS Infortelecom Hosting, S.L. (*)
6 196834 | SOFTEC_INTERNET Softec Internet, S.L.
5 13287 | NIXVAL NIXVAL Data Center
4 16338 | ONO-AS2 Cableuropa - ONO (*)
3 6739 | ONO-AS Cableuropa - ONO (*)
3 44497 | REDCORUNA-AS REDCORUNA
3 15699 | AS_ADAM Network ADAM DATACENTER - www.adamdatacenter.es
2 42237 | INTERDOMINIOS Grupo Interdominios S.A. (*)
2 196713 | ABANSYS_AND_HOSTYTEC-AS Abansys & Hostytec, S.L. (*)
2 15704 | AS15704 Xtra Telecom, S.L.
2 12769 | IBER-X LET_S GOWEX, S.A.
2 12386 | ASALPI Orange Catalunya Xarxes de Telecomunicacions S.A. (*)
1 8311 | REDESTEL Redestel Networks S.L.
1 5400 | BT BT European Backbone
1 42745 | ARI Ari Business Solutions, S.A.
1 3324 | FUJITSU TECHNOLOGY SOLUTIONS, S.A.
1 31082 | MCCTELECOM-AS MCCTELECOM
1 25487 | DIGITALVALUE-AS Digital Value Autonomous System, Valencia (Spain)
1 2134 | GSVNET-AS GS Virtual Network
1 20838 | YIF-AS France Telecom Espana S.A
1 15919 | INTERHOST Interhost AS
1 12715 | JAZZNET Jazz Telecom S.A.
1 12479 | UNI2-AS France Telecom Espana SA (*)
1 12334 | AS R Cable y Telecomunicaciones Galicia S.A.
I am waiting for feedback from them to see if the credentials have already been abused and the impact.
Keep up the good work. :)
-- Carlos Fragoso
On Apr 19, 2011, at 10:08 AM, Thomas Hungenberg wrote:
> please find below a list of stolen FTP login credentials found in several lists
> on a server used for malicious activity. Unfortunately, I don't have information
> on when and how the credentials were stolen, but the filenames and timestamps
> of the lists indicate that they were harvested earlier this month.
>
> Format: ASN | IP | CC | hostname | username | sanitized password | AS desc
>
>
> - Thomas