Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Rooted Boxes

From: haji din <ahbh99 () YAHOO COM>
Date: Fri, 16 Feb 2001 12:03:27 -0800
yes,  those ip#'s are dial-in boxes. i believe they're
wingate's. the owners might not even  know that their
boxes have been used as proxies.

--- "Christian W. Zuckschwerdt" <zany () TRIQ NET> wrote:

Some machine in a subnet behind our IDS has been
rooted and abused for
IRC-Clones etc.

The logs show interactive(!) telnet access to that
box from these IP#'s

202.188.25.163  TMnet Telekom Malaysia
202.188.192.38  -"-
202.151.196.75  Maxis Communications Berhad ISP
203.121.68.161  TIME Telecommunications Sdn Bhd
Kuala Lumpur
209.57.44.142   Verio, Inc.
210.225.29.163  Nippon Jimuki Union (Japan)
210.163.139.31  Speed Internet Inc. (Japan)

Are those dial-in boxes? If not is there any chance
to contact the
owners?

  cu.
    :
    Christian



__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35
a year!  http://personal.mail.yahoo.com/
Previous By Date Next
Previous By Thread Next

Current thread: