Security Incidents mailing list archives
Re: compromised host
From: Ryan Sweat <h3xm3 () SWBELL NET>
Date: Tue, 31 Oct 2000 16:52:11 -0600
These are all open proxy (port 1080) hosts. These can act as a proxy for irc. I doubt any of them are compromised, although they are misconfigured to allow outside connectivity through. There is not much you can do since most of the users are on cable and dsl lines. Ryan ----- Original Message ----- From: "vanguard" <vanguard () GENIUSNET RO> To: <INCIDENTS () SECURITYFOCUS COM> Sent: Tuesday, October 31, 2000 8:19 AM Subject: compromised host
hello see u conection to ircservers, if u have this tipe of conexion, i guess u host is compromised but this host is definitive compromised ..:(( this is flood attack whit warbot [15:41:45] --> r121038l (~164a56@12.8.233.98) has joined ... [15:41:45] --> w152120h (~115t73 () adsl-78-184-91 mco bellsouth net) has joined [15:41:45] --> e1357812e (~618v53 () modemcable065 45-200-24 mtl mc videotron ca) has joined [15:41:45] --> v324411h (~1334w63@12.2.238.55) has joined [15:41:45] --> x86128r (~174x37 () modemcable065 45-200-24 mtl mc videotron ca) has joined [15:41:45] --> t182786x (~2014z76 () node134a5 a2000 nl) has joined [15:41:45] --> y145548i (~1851w70@12.2.238.55) has joined [15:41:45] --> g2074312t (~1626t84 () adsl-63-205-159-146 dsl lsan03 pacbell net) has joined [15:41:45] --> r1188314u (~1426d91@209.21.14.65) has joined [15:41:45] --> x1976818i (~1392s73@194.204.247.2) has joined [15:41:45] --> d182667n (~1669m11 () adsl-63-199-8-138 dsl snfc21 pacbell net) has joined [15:41:45] --> p1928212v (~1848o47@195.50.128.16) has joined [15:41:45] --> y680919v (~1177d55 () node13dd3 a2000 nl) has joined [15:41:45] --> v65887w (~87i42 () modemcable151 24-200-24 timi mc videotron ca) has joined [15:41:45] --> t448718u (231e58 () node1270f a2000 nl) has joined [15:41:45] --> t57012o (1425w46 () node134a5 a2000 nl) has joined [15:41:45] --> z15931b (392o31 () node168f2 a2000 nl) has joined [15:41:45] --> c92942b (~241p26 () modemcable151 24-200-24 timi mc videotron ca) has joined [15:41:46] --> r765519r (932q75 () adsl-63-205-159-146 dsl lsan03 pacbell net) has joined [15:41:46] --> u1225416s (1195g62 () adsl-78-184-91 mco bellsouth net) has joined [15:41:46] --> l58971w (413x34 () adsl-63-199-8-138 dsl snfc21 pacbell net) has joined [15:41:46] --> q1761710g (873r30 () adsl-63-199-8-138 dsl snfc21 pacbell net) has joined [15:41:46] --> i455418b (362d76 () calnet15-234 gtecablemodem com) has joined [15:41:46] --> y911819x (131s44 () adsl-63-205-159-146 dsl lsan03 pacbell net) has joined [15:41:46] --> f159914h (940l45 () kt karacs sulinet hu) has joined [15:41:46] --> x1250320w (1999i8 () kt karacs sulinet hu) has joined [15:41:46] --> w104473g (182s42 () kt karacs sulinet hu) has joined [15:46:57] <-- r121038l (~164a56@12.8.233.98) has left [15:46:57] <-- t182786x (~2014z76 () node134a5 a2000 nl) has left [15:46:57] <-- w152120h (~115t73 () adsl-78-184-91 mco bellsouth net) has left [15:47:00] <-- l58971w (413x34 () adsl-63-199-8-138 dsl snfc21 pacbell net) has left [15:47:00] <-- x1250320w (1999i8 () kt karacs sulinet hu) has left [15:47:00] <-- t448718u (231e58 () node1270f a2000 nl) has left [15:47:00] <-- q1761710g (873r30 () adsl-63-199-8-138 dsl snfc21 pacbell net) has left [15:47:00] <-- i455418b (362d76 () calnet15-234 gtecablemodem com) has left [15:47:00] <-- r765519r (932q75 () adsl-63-205-159-146 dsl lsan03 pacbell net) has left [15:47:00] <-- y911819x (131s44 () adsl-63-205-159-146 dsl lsan03 pacbell net) has left [15:47:00] <-- t57012o (1425w46 () node134a5 a2000 nl) has left [15:47:00] <-- z15931b (392o31 () node168f2 a2000 nl) has left [15:47:00] <-- u1225416s (1195g62 () adsl-78-184-91 mco bellsouth net) has left [15:47:00] <-- p1446414q (1481n97 () node134a5 a2000 nl) has left -- "There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." -- Jeremy Anderson
Current thread:
- compromised host vanguard (Nov 01)
- Re: compromised host Ryan Sweat (Nov 02)