Re: Linuxconf scanning

[Jim Roland <jroland () ROLAND NET>]

Forget getting any further response from them.  I sent a message to them
when a RedHat 6.1 box I had was scanned and compromised with linuxconf (I
closed the hole quickly) a customer of mine.  I got the automated response
they received my email, but nothing further from them ever again.  That was
over 3 months ago.  Looks like the same guy is up to his old tricks again.

Good Luck,
Jim


On Thu, 10 Aug 2000, Brian Sommers wrote:

> Date: Thu, 10 Aug 2000 15:11:43 -0500
> From: Brian Sommers <brian.sommers () CNALIFE COM>
> To: INCIDENTS () SECURITYFOCUS COM
> Subject: Re: Linuxconf scanning
>
> Just recently I did get a manual response from bora.net; I had sent a notice
> to both help () bora net and ipadm () bora net and received a reply that they were
> investigating.  The message signature also had the following:
>
> ------------------------------
> Security Staff,
> BORANet/DACOM
> E-mail : security () bora net
> phone : +82 2 6220 7413
> fax : +82 2 6220 0340
> ------------------------------
>
>
> > -----Original Message-----
> > From:       Dan Hollis [SMTP:goemon () ANIME NET]
> > Sent:       Wednesday, August 09, 2000 5:33 PM
> > To: INCIDENTS () SECURITYFOCUS COM
> > Subject:    Re: [INCIDENTS] Linuxconf scanning
> >
> > On Tue, 8 Aug 2000, James Hoagland wrote:
> > > APNIC was having connection problems yesterday but I managed to get
> > > through to find out it was a Korean address and got
> > > b0048228 () users bora net as the contact adress from KRNIC.  The IP
> > > seems to be part of BORANET in Kyongnam, Korea.  I also e-mailed
> > > abuse () bora net.  I haven't gotten any replies but haven't gotten any
> > > bounces either.
> >
> > bora.net never answers. i don't know if it is a language barrier or if
> > bora.net is black hat, but it's enough for me to blackhole all of their IP
> > space.
> >
> > -Dan