Security Incidents mailing list archives

Re: Cracked by the Brazilians

From: symetrix () SYMETRIX ORG (Michael Damm)
Date: Thu, 30 Mar 2000 15:06:24 -0800

Hi.

Hi.


[root@physics .usr]# ls
BitchX
[LASF]_Hanging_Up_[Telesync][1of2].asf
[LASF]_Mission_To_Mars_[GOOD.Telesync][1of2].asf  scr-bx      sexet2.mpg
BitchX-75p3-Linux-glibc2-i386.tar
[LASF]_Hanging_Up_[Telesync][2of2].asf
[LASF]_Mission_To_Mars_[GOOD.Telesync][2of2].asf  sexet1.mpg  wserv


This is a red flag for me. Obviously its a warez/vcd kiddie distributing his
goods from your server. Try some EFnet/Dalnet/Undernet channels like #good
or #telesync or maybe even #vcd/#asf. Start talking with a few of the ops
and see if you can get anyone to incriminate themselves. From there its
whatever your local BOFH chooses to do with/to them.

   -Mike

_____________________________________________
NetZero - Defenders of the Free World
Click here for FREE Internet Access and Email
http://www.netzero.net/download/index.html

Current thread:

Dramatic increase in UDP Port 137 (NetBIOS Name Service) probe activity, (continued)
- - - Dramatic increase in UDP Port 137 (NetBIOS Name Service) probe activity Jeffrey D. Carter (Mar 25)
    - Re: Dramatic increase in UDP Port 137 (NetBIOS Name Service) probeactivity Bryan Andersen (Mar 28)
    - Re: Dramatic increase in UDP Port 137 (NetBIOS Name Service) probeactivity Christoph Schneeberger (Mar 29)
    - Re: Dramatic increase in UDP Port 137 (NetBIOS Name Service)probeactivity Bill Pennington (Mar 29)
    - Re: 169.254.x.x (Dramatic increase in UDP Port 137 (NetBIOS Name Service) probe activity) Pavel Kankovsky (Mar 29)
    - Re: 169.254.x.x (Dramatic increase in UDP Port 137 (NetBIOS Name Service) probe activity) Joshua Krage (Mar 29)
    - Re: 169.254.x.x (Dramatic increase in UDP Port 137 (NetBIOS Name Service) probe activity) Greg A. Woods (Mar 29)
    - Re: 169.254.x.x Robert Graham (Mar 29)
    - Re: 169.254.x.x Pavel Kankovsky (Mar 30)
    - Cracked by the Brazilians Seth Milder (Mar 30)
    - Re: Cracked by the Brazilians Michael Damm (Mar 30)
    - Re: Cracked by the Brazilians Seth Milder (Mar 30)
    - Re: Cracked by the Brazilians Robert Graham (Mar 30)
    - Re: Cracked by the Brazilians Seth Milder (Mar 30)
    - Re: Cracked by the Brazilians Michael H. Warfield (Mar 30)
    - Re: Cracked by the Brazilians Omachonu Ogali (Mar 30)
    - Re: Cracked by the Brazilians Blaise St-Laurent (Mar 30)
    - Re: Cracked by the Brazilians Ralf Spenneberg (Mar 30)
    - Re: Cracked by the Brazilians Seth Milder (Mar 30)
    - link-local IPs (Was "Re: 169.254.x.x (Dramatic increase in UDP Port 137 (NetBIOS Name Service) probe activity)") Richard Johnson (Mar 30)
    - unapproved queries for "aol.com" Francis A. Vidal (Mar 26)

(Thread continues...)