Re: compromised host

[Ryan Sweat <h3xm3 () SWBELL NET>]

    These are all open proxy (port 1080) hosts.  These can act as a proxy
for irc.  I doubt any of them are compromised, although they are
misconfigured to allow outside connectivity through.  There is not much you
can do since most of the users are on cable and dsl lines.

Ryan
----- Original Message -----
From: "vanguard" <vanguard () GENIUSNET RO>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Tuesday, October 31, 2000 8:19 AM
Subject: compromised host


> hello
> see u conection to ircservers, if u have this tipe of conexion, i guess
> u host is compromised
>
> but this host is definitive compromised ..:((
> this is flood attack whit  warbot
>
> [15:41:45] --> r121038l (~164a56@12.8.233.98) has joined ...
> [15:41:45] --> w152120h (~115t73 () adsl-78-184-91 mco bellsouth net) has
> joined
> [15:41:45] --> e1357812e
> (~618v53 () modemcable065 45-200-24 mtl mc videotron ca) has joined
> [15:41:45] --> v324411h (~1334w63@12.2.238.55) has joined
> [15:41:45] --> x86128r
> (~174x37 () modemcable065 45-200-24 mtl mc videotron ca) has joined
> [15:41:45] --> t182786x (~2014z76 () node134a5 a2000 nl) has joined
> [15:41:45] --> y145548i (~1851w70@12.2.238.55) has joined
> [15:41:45] --> g2074312t
> (~1626t84 () adsl-63-205-159-146 dsl lsan03 pacbell net) has joined
> [15:41:45] --> r1188314u (~1426d91@209.21.14.65) has joined
> [15:41:45] --> x1976818i (~1392s73@194.204.247.2) has joined
> [15:41:45] --> d182667n
> (~1669m11 () adsl-63-199-8-138 dsl snfc21 pacbell net) has joined
> [15:41:45] --> p1928212v (~1848o47@195.50.128.16) has joined
> [15:41:45] --> y680919v (~1177d55 () node13dd3 a2000 nl) has joined
> [15:41:45] --> v65887w
> (~87i42 () modemcable151 24-200-24 timi mc videotron ca) has joined
> [15:41:45] --> t448718u (231e58 () node1270f a2000 nl) has joined
> [15:41:45] --> t57012o (1425w46 () node134a5 a2000 nl) has joined
> [15:41:45] --> z15931b (392o31 () node168f2 a2000 nl) has joined
> [15:41:45] --> c92942b
> (~241p26 () modemcable151 24-200-24 timi mc videotron ca) has joined
> [15:41:46] --> r765519r
> (932q75 () adsl-63-205-159-146 dsl lsan03 pacbell net) has joined
> [15:41:46] --> u1225416s (1195g62 () adsl-78-184-91 mco bellsouth net) has
> joined
> [15:41:46] --> l58971w (413x34 () adsl-63-199-8-138 dsl snfc21 pacbell net)
> has joined
> [15:41:46] --> q1761710g
> (873r30 () adsl-63-199-8-138 dsl snfc21 pacbell net) has joined
> [15:41:46] --> i455418b (362d76 () calnet15-234 gtecablemodem com) has
> joined
> [15:41:46] --> y911819x
> (131s44 () adsl-63-205-159-146 dsl lsan03 pacbell net) has joined
> [15:41:46] --> f159914h (940l45 () kt karacs sulinet hu) has joined
> [15:41:46] --> x1250320w (1999i8 () kt karacs sulinet hu) has joined
> [15:41:46] --> w104473g (182s42 () kt karacs sulinet hu) has joined
> [15:46:57] <-- r121038l (~164a56@12.8.233.98) has left
> [15:46:57] <-- t182786x (~2014z76 () node134a5 a2000 nl) has left
> [15:46:57] <-- w152120h (~115t73 () adsl-78-184-91 mco bellsouth net) has
> left
> [15:47:00] <-- l58971w (413x34 () adsl-63-199-8-138 dsl snfc21 pacbell net)
> has left
> [15:47:00] <-- x1250320w (1999i8 () kt karacs sulinet hu) has left
> [15:47:00] <-- t448718u (231e58 () node1270f a2000 nl) has left
> [15:47:00] <-- q1761710g
> (873r30 () adsl-63-199-8-138 dsl snfc21 pacbell net) has left
> [15:47:00] <-- i455418b (362d76 () calnet15-234 gtecablemodem com) has left
>
> [15:47:00] <-- r765519r
> (932q75 () adsl-63-205-159-146 dsl lsan03 pacbell net) has left
> [15:47:00] <-- y911819x
> (131s44 () adsl-63-205-159-146 dsl lsan03 pacbell net) has left
> [15:47:00] <-- t57012o (1425w46 () node134a5 a2000 nl) has left
> [15:47:00] <-- z15931b (392o31 () node168f2 a2000 nl) has left
> [15:47:00] <-- u1225416s (1195g62 () adsl-78-184-91 mco bellsouth net) has
> left
>
> [15:47:00] <-- p1446414q (1481n97 () node134a5 a2000 nl) has left
>
> --
> "There are two major products that come out of Berkeley: LSD and UNIX. We
> don't believe this to be a coincidence." -- Jeremy Anderson