[nsp-sec] Stolen FTP credentials

Gabriel Iovino giovino at ren-isac.net
Wed Mar 16 09:21:46 EDT 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 3/16/2011 6:53 AM, Thomas Hungenberg wrote:
> please find below a list of stolen FTP credentials found in recent dropzone data.

ACK the following:

> 47 | 68.181.189.126 | US | lopez.usc.edu | hector | me******
> 210 | 205.118.20.150 | US | 205.118.20.150 | ltwiggs | CI******
> 210 | 205.118.94.2 | US | sputnik.alpinedistrict.org | jwong | pa******
> 237 | 35.11.217.63 | US | 35.11.217.63 | comics | co******
> 1742 | 128.103.217.25 | US | ftp.hbsp.harvard.edu | hbspftp | dr******
> 1742 | 128.103.217.25 | US | ftp.hbsp.harvard.edu | hbspftp | dr******
> 2637 | 130.207.225.171 | US | yamsrv1.ece.gatech.edu | sriram | sr******
> 2637 | 143.215.252.35 | US | zoot.rnoc.gatech.edu | gth667m | Ra******
> 2637 | 143.215.252.35 | US | zoot.rnoc.gatech.edu | gth786w | Mn******
> 4130 | 136.142.4.246 | US | unixs.cis.pitt.edu | ars128 | no******
> 7272 | 147.72.70.200 | US | wjhsd.net | team71 | ph******
> 7272 | 147.72.70.200 | US | wjhsd.net | team72 | ph******
> 7272 | 147.72.70.200 | US | wjhsd.net | team81 | ph******
> 22990 | 169.226.22.15 | US | itsunix.albany.edu | cy123251 | c8******
> 29825 | 64.131.110.21 | US | brookfield.rice.iit.edu | jmeyers3 | ds******
> 29825 | 64.131.110.21 | US | brookfield.rice.iit.edu | jmeyers | tf******
> 29825 | 64.131.110.21 | US | brookfield.rice.iit.edu | RICE\ityagi | Ri******
> 29825 | 64.131.110.21 | US | brookfield.rice.iit.edu | RICE\jmeyers3 | ds******
> 29825 | 64.131.110.56 | US | springfield.rice.iit.edu | jmeyers3 | ds******
> 32654 | 69.38.205.29 | US | iam.colum.edu | ebrown2 | sc******
> 32654 | 69.38.205.29 | US | iam.colum.edu | ebrown | sc******
> 32654 | 69.38.205.29 | US | iam.colum.edu | James.Gordon | 19******
> 32654 | 69.38.205.29 | US | iam.colum.edu | jeff | fB******

We will generate some sanitized notifications.

Thank you!

Gabe

- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk2AuWoACgkQwqygxIz+pTtnfgCgwr52goAKwC1PIaaOCjA2vVxc
k1gAoIUGT1P5zV/z6mrJj9AEOMAvBuEW
=Xogi
-----END PGP SIGNATURE-----

More information about the nsp-security mailing list