Security Incidents mailing list archives
Re: Cracking tools and backdoors [was cracked by Brazilians]
From: dittrich () CAC WASHINGTON EDU (Dave Dittrich)
Date: Tue, 4 Apr 2000 15:40:54 -0700
On Fri, 31 Mar 2000, Seth Milder wrote:
> I did a bit of snooping around. I found where they were keeping the network traffic and where they were sending it: to server.chethams.org.uk, whatever that is (I aim to find out). I put most of their stuff in the attached file for inspection.
Since you published the files, I guess there is no point in being quiet about this. The file "core" in /tmp/.pk/bscan shows the scanner was being run against a system at the time:

    ./binfo 207.90.11.5
    HISTSIZE=1000
    HOSTNAME=physics.gmu.edu
    LOGNAME=postgres

This system is:

    pm-clw-3-259.intnet.net: Internet address = 207.90.11.5

Is owned (for now ;) by:

    MTD Computer Services (NET-NET-MTDC)
    2561 Nursery Rd. #B
    Clearwater, FL 34624
    USA

    Netname: NET-MTDC
    Netnumber: 207.90.11.0

    Coordinator:
       Groulx, John (JG1648-ARIN) sportspac () INTNET NET
       813-532-4800

Might want to contact them...

--
Dave Dittrich                 Client Services
dittrich () cac washington edu   Computing & Communications
                              University of Washington
http://www.washington.edu/People/dad/
PGP 6.5.1 key fingerprint: FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
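Added example, not part of the original message or thread: a short Python triage script showing why a core file left by an intruder's tool can reveal what it was run against, since the process's argument and environment strings sit back to back in the dumped stack. The function names and the SAMPLE_CORE bytes are constructed for illustration, and the adjacency heuristic is an assumption about typical Unix stack layout.

```python
import re
import sys

# Constructed sample, not a real core: junk bytes, then argv and envp strings
# laid out back to back the way a Unix process stack holds them. The string
# values are the ones quoted in the message above.
SAMPLE_CORE = (
    b"\x7fELF\x01\x01\x01" + bytes(24) + b"\x04\x00\x00\x00\xff\xfe"
    b"./binfo\x00207.90.11.5\x00"
    b"HISTSIZE=1000\x00HOSTNAME=physics.gmu.edu\x00LOGNAME=postgres\x00"
    + bytes(8)
)

CSTR = re.compile(rb"([\x20-\x7e]+)\x00")            # printable, NUL-terminated
ENV_VAR = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")    # KEY=VALUE
IPV4 = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")

def string_runs(data):
    """Yield lists of C strings that are directly adjacent in the image."""
    run, end = [], None
    for m in CSTR.finditer(data):
        if run and m.start() != end:   # gap found: the previous run is over
            yield run
            run = []
        run.append(m.group(1).decode("ascii"))
        end = m.end()
    if run:
        yield run

def recover_invocation(data):
    """Return (argv, env) from the run holding the most KEY=VALUE strings."""
    best = ([], {})
    for run in string_runs(data):
        first_env = next((i for i, s in enumerate(run) if ENV_VAR.match(s)), len(run))
        env = dict(s.split("=", 1) for s in run[first_env:] if ENV_VAR.match(s))
        if len(env) > len(best[1]):
            best = (run[:first_env], env)   # strings before the env block: argv
    return best

def ipv4_args(argv):
    """Arguments that are dotted-quad addresses, i.e. hosts worth notifying."""
    return [a for a in argv
            if (m := IPV4.match(a)) and all(int(o) <= 255 for o in m.groups())]

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CORE
    argv, env = recover_invocation(blob)
    print("argv:", argv, "\nenv:", env, "\naddresses:", ipv4_args(argv))
```

Run it on a copy of the core file taken from a forensic image, not on the live compromised host.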