Security Incidents mailing list archives
Re: Source of attack: Russian nuclear facility?
From: "J. Oquendo" <intrusion () ENGINEER COM>
Date: Mon, 7 Aug 2000 18:22:53 -0400
Gathering info for contacting someone is as simple as browsing their site or doing a WHOIS lookup. Since you mentioned warez listed on their ftp server chances are someone rooted the machine and is now using it as a gateway. Is there data coming through thru their domain or it is something more trivial such as someone spoofing packets? HTTP requests? FTP requests?... What exactly is it thats happening... JSC Elecs, Kaluga (OBNINSK-DOM) 38, Teatralnaya st. Kaluga, 248600 RU Domain Name: OBNINSK.COM Administrative Contact, Billing Contact: Kartashev, Igor I (IIK) ikar () KALUGA ROSMAIL COM JSC Elecs 38, Teatralnaya st., Kaluga 248600 RU +7 084 253 1116 (FAX) +7 084 224 2016 Technical Contact, Zone Contact: Merdin, Paul A (PAM27) mrd () KALUGA ROSMAIL COM JSC Elecs, Kaluga 38, Teatralnaya str. Kaluga 248600 RU +7 084 2 531258 (FAX) +7 084 22 42016 Record last updated on 27-May-2000. Record expires on 07-Jun-2001. Record created on 06-Jun-1997. Database last updated on 6-Aug-2000 22:03:39 EDT. ------Original Message------ From: Bryan Willett <bryan () XLORD DUNSINANE NET> To: INCIDENTS () SECURITYFOCUS COM Sent: August 6, 2000 9:31:00 PM GMT Subject: Source of attack: Russian nuclear facility? I created a php based gaming site: www.merchantempires.net. An unknown person with IP addresses used by iate.obninsk.com, is currently hacking the site. He/she is using some method to cheat in the game through altering the database. I haven't figured out if its a simple php bug or other vulnerability. As to why someone who works for a nuclear facility would spend their time hacking my site, I can't say. It seems a little alarming. I ftped over to the origin IP and discovered that their is a large warez collection. Who do you contact in situations of foreign based intrusion such as this? ______________________________________________ FREE Personalized Email at Mail.com Sign up at http://www.mail.com/?sr=signup
Current thread:
- Source of attack: Russian nuclear facility? Bryan Willett (Aug 07)
- Re: Source of attack: Russian nuclear facility? Vitaly Osipov (Aug 08)
- Re: Source of attack: Russian nuclear facility? Ian Eure (Aug 08)
- Re: Source of attack: Russian nuclear facility? //Stany (Aug 08)
- Re: Source of attack: Russian nuclear facility? Pavel Lozhkin (Aug 09)
- <Possible follow-ups>
- Re: Source of attack: Russian nuclear facility? JLNelson (Aug 08)
- Re: Source of attack: Russian nuclear facility? Al Huger - Mail Account (Aug 09)
- Re: Source of attack: Russian nuclear facility? Richard Johnson (Aug 10)
- Re: Source of attack: Russian nuclear facility? T. H. Haymore (Aug 09)
- Re: Source of attack: Russian nuclear facility? Al Huger - Mail Account (Aug 09)
- Re: Source of attack: Russian nuclear facility? J. Oquendo (Aug 08)
- Re: Source of attack: Russian nuclear facility? Doug Winter (Aug 10)
- Re: Source of attack: Russian nuclear facility? David Pick (Aug 13)
- Re: Source of attack: Russian nuclear facility? WebFusion System Administrator (Aug 13)
- Re: Source of attack: Russian nuclear facility? Richard_Bartlett (Aug 13)
- Re: Source of attack: Russian nuclear facility? Matthew Joyce (Aug 13)
- Re: Source of attack: Russian nuclear facility? Christopher Laycock (Aug 21)
- Re: Source of attack: Russian nuclear facility? Christopher Laycock (Aug 21)
- Re: Source of attack: Russian nuclear facility? David Pick (Aug 23)