Re: Source of attack: Russian nuclear facility?

["J. Oquendo" <intrusion () ENGINEER COM>]

Gathering info for contacting someone is as simple as browsing their site or doing a WHOIS lookup. Since you mentioned 
warez listed on their ftp server chances are someone rooted the machine and is now using it as a gateway. Is there data 
coming through thru their domain or it is something more trivial such as someone spoofing packets? HTTP requests? FTP 
requests?... What exactly is it thats happening...

JSC Elecs, Kaluga (OBNINSK-DOM)
38, Teatralnaya st.
Kaluga, 248600
RU

Domain Name: OBNINSK.COM

Administrative Contact, Billing Contact:

Kartashev, Igor I  (IIK)  ikar () KALUGA ROSMAIL COM
JSC Elecs
38, Teatralnaya st.,
Kaluga
248600
RU
+7 084 253 1116 (FAX) +7 084 224 2016
Technical Contact, Zone Contact:

Merdin, Paul A  (PAM27)  mrd () KALUGA ROSMAIL COM
JSC Elecs, Kaluga
38, Teatralnaya str.
Kaluga
248600
RU
+7 084 2 531258 (FAX) +7 084 22 42016

Record last updated on 27-May-2000.
Record expires on 07-Jun-2001.
Record created on 06-Jun-1997.
Database last updated on 6-Aug-2000 22:03:39 EDT.

------Original Message------
From: Bryan Willett <bryan () XLORD DUNSINANE NET>
To: INCIDENTS () SECURITYFOCUS COM
Sent: August 6, 2000 9:31:00 PM GMT
Subject: Source of attack: Russian nuclear facility?


I created a php based gaming site: www.merchantempires.net.

An unknown person with IP addresses used by iate.obninsk.com,
is currently hacking the site.  He/she is using some method
to cheat in the game through altering the database.  I haven't
figured out if its a simple php bug or other vulnerability.

As to why someone who works for a nuclear facility would
spend their time hacking my site, I can't say.  It seems
a little alarming.

I ftped over to the origin IP and discovered that their
is a large warez collection.

Who do you contact in situations of foreign based intrusion
such as this?

______________________________________________
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup