Security Incidents mailing list archives

Re: Cracking tools and backdoors [was cracked by Brazilians]


From: dittrich () CAC WASHINGTON EDU (Dave Dittrich)
Date: Tue, 4 Apr 2000 15:40:54 -0700


On Fri, 31 Mar 2000, Seth Milder wrote:

> I did a bit of snooping around. I found where they were keeping the
> network traffic and where they were sending it: to
> server.chethams.org.uk, whatever that is (I aim to find out). I put most
> of their stuff in the attached file for inspection.

Since you published the files, I guess there is no point in being quiet
about this.

The file "core" in /tmp/.pk/bscan shows the scanner was being run
against a system at the time:

./binfo
207.90.11.5
HISTSIZE=1000
HOSTNAME=physics.gmu.edu
LOGNAME=postgres

This system is:

pm-clw-3-259.intnet.net:
    Internet address = 207.90.11.5

Is owned (for now ;) by:

MTD Computer Services (NET-NET-MTDC)
   2561 Nursery Rd. #B
   Clearwater, FL 34624
   USA

   Netname: NET-MTDC
   Netnumber: 207.90.11.0

   Coordinator:
      Groulx, John  (JG1648-ARIN)  sportspac () INTNET NET
      813-532-4800

Might want to contact them...

--
Dave Dittrich                 Client Services
dittrich () cac washington edu   Computing & Communications
                              University of Washington

Dave Dittrich / dittrich () cac washington edu [PGP Key]
http://www.washington.edu/People/dad/

PGP 6.5.1 key fingerprint:
FE 97 0C 57 08 43 F3 EB  49 A1 0C D0 8E 0C D0 BE  C8 38 CC B5
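The triage Dave describes above, pulling the scan target and the operator's environment out of the scanner's core file, as an added example that is not part of the original thread. It does offline what `strings core` plus a careful eye does: extract printable runs, keep only dotted quads that are real IPv4 addresses, and pick out NAME=value environment strings. The core image embedded below is constructed for the demo (a real core is an ELF image with the same kinds of strings scattered through it); the reverse-lookup helper is a hypothetical convenience, never called by the checks.

```python
"""Extract likely scan targets and environment from a core dump.

Added example for the thread above, not code from the original post.
CORE is a constructed stand-in for /tmp/.pk/bscan/core.
"""
from __future__ import annotations

import ipaddress
import re
import socket

# Constructed core image: an ELF-ish header, binary filler, and the same
# kinds of printable strings the post found (argv, env, a target address).
# 999.1.1.1 is deliberately present to show it must be rejected.
CORE = (
    b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 8
    + b"\x00\x03\x00" + b"./binfo\x00" + b"\xde\xad\xbe\xef" * 3
    + b"207.90.11.5\x00" + b"\x01\x02"
    + b"HISTSIZE=1000\x00HOSTNAME=physics.gmu.edu\x00LOGNAME=postgres\x00"
    + b"999.1.1.1\x00"
    + b"\xff" * 5 + b"=\x00ab\x00"
)

MIN_LEN = 4  # same default as strings(1)


def extract_strings(blob: bytes, min_len: int = MIN_LEN) -> list[str]:
    """Equivalent of `strings -n min_len`: runs of printable ASCII."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def find_ipv4(strings: list[str]) -> list[str]:
    """Dotted quads that parse as IPv4 addresses, in first-seen order.

    The regex alone accepts 999.1.1.1; ipaddress throws it out.
    """
    found: list[str] = []
    for s in strings:
        for cand in re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", s):
            try:
                ipaddress.IPv4Address(cand)
            except ValueError:
                continue
            if cand not in found:
                found.append(cand)
    return found


def find_env(strings: list[str]) -> dict[str, str]:
    """NAME=value strings whose NAME is a legal shell variable name."""
    env: dict[str, str] = {}
    for s in strings:
        m = re.fullmatch(r"([A-Za-z_][A-Za-z0-9_]*)=(.*)", s)
        if m:
            env[m.group(1)] = m.group(2)
    return env


def triage(blob: bytes) -> dict:
    """One-shot summary: all strings, candidate targets, environment."""
    strings = extract_strings(blob)
    return {
        "strings": strings,
        "targets": find_ipv4(strings),
        "env": find_env(strings),
    }


def reverse_lookup(addr: str) -> str | None:
    """Hypothetical helper: PTR name for addr, or None if it does not resolve.

    Needs network access, so the demo below never calls it.
    """
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror, OSError):
        return None


if __name__ == "__main__":
    result = triage(CORE)
    print("strings :", result["strings"])
    print("targets :", result["targets"])   # ['207.90.11.5']
    print("env     :", result["env"])
```

On a real incident, run `triage(open("core", "rb").read())`, then hand each address in `targets` to `reverse_lookup` and a whois query, exactly the path from 207.90.11.5 to pm-clw-3-259.intnet.net and NET-MTDC in the post. The environment block is often the more useful half: HOSTNAME and LOGNAME tell you which account and box the scanner was launched from, which is where to look next.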


