Security Incidents mailing list archives
Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167]
From: m_a_n_i_a_c_ () HOTMAIL COM (Maniac .)
Date: Tue, 11 Jan 2000 17:37:25 GMT
Must be a rare case. Here in Calgary they are pathetic. In the last little while I have cancelled over 32 connections with them for my various customers and have gone to Telus DSL.
My dealing with rogers at home have been very good.. response and action from the abuse email within 12 hours - -----Original Message----- From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On Behalf Of Thomas E. Ruth Sent: Friday, January 07, 2000 12:54 PM To: INCIDENTS () SECURITYFOCUS COM Subject: Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] I have sent e-mail to abuse () home com and abuse () rogers home net, so far I havn't had any response at all. Even the local law enforcement and the FBI don't do anything about it. According to them, if the attacker didn't commit fraud, then there isn't anything at all they will do. Oh well, Tom "Maniac ." wrote:The attacker seems to know only enough to be a danger and definatelydoesn'tknow enough not to use his @home connection. Have you contacted @home? Good luck if you have. In the past I have reported attacks from @home customers to @home (shaw cable where I am) and recieved no action of any sort. Does anyone have a good contact at @Home that we can report things likethisto? This user is also using the cr595282-a that @home assigns to userswhenthey do the install. Definately a lack of knowledge on the attackerspart.Even if their IP address changes, the cr59# is uniqe and follows his workstation.The attacker from this IP address is using an RPC scanner to search for versions of amd that has a buffer overflow, and exploiting it. They are then using the exploited systems to scan other subnets and exploitthosesystems, etc. etc. etc.. My system was used as one of these launch points to get in to at least2other systems, one of which got destroyed.______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
Current thread:
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167], (continued)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Thomas E. Ruth (Jan 07)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Maniac . (Jan 07)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Thomas E. Ruth (Jan 07)
- Cable modem hosts being exploited to spam. TCP ports 224, 253 Aaron Higbee (Jan 07)
- Probe from NS2.SOHONET.COM Jonathan S. Keim (Jan 08)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Missouri FreeNet Administration (Jan 10)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Thomas Molina (Jan 11)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Andrew Kunz (Jan 11)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Thomas E. Ruth (Jan 07)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Andy David (Jan 10)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Maniac . (Jan 11)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Maniac . (Jan 11)
- Re: Attacks from cr595282-a.hnsn1.on.wave.home.com [24.112.41.167] Al Huger - Mail Account (Jan 14)