Security Incidents mailing list archives

Re: What the hell is with Korea?!

From: "J. Stutzman" <henrybasset () CHESAPEAKE NET>
Date: Wed, 20 Sep 2000 17:34:21 -0400

For all you folks being hacked from Korea. Don't summarily discount the hacks
as anklebiters. I do a presentation showing competitive intelligence threats.
One of the CI agencies in the brief is the Korean Agency for Defense
Development. You can check them out online, or there's a good explaination of
their activies at http://www.nmjc.org/aoard/9425.html. This is the short
version. Take a look, it's worth the read. (maybe a minutes worth of text).
It's an important note that not every hacker is a fat kid having fun on the
computer in his basement.

Jeff Stutzman
www.info-security.net
Healthcare ISAC


LOS Ralph wrote:

Hello readers,
        Can someone tell me what this was/is?  I traced the owner - duh -
some Korean IP, and sending them email to this regard just generates an
auto-replay that it's improperly formatted....now I have to go through the
hassle of trying to communicate with these hostmaster(s) over there.

        If anyone can shed light on this, please do.

Ralph M. Los
Internet Systems & Security Admin.              (312) 827-3945 (direct)
EnvestNet Advisory Corp.                        (312) 296-9003 (wireless)
                                                rlos () envestnet com

09/17/2000 04:56:46.816 -       TCP connection dropped -
Source:210.219.251.228, 4436, WAN -
Destination:63.140.7.27, 59, LAN -       -      Rule 22
09/17/2000 04:56:47.544 -       TCP connection dropped -
Source:210.219.251.228, 4477, WAN -     Destination:63.140.7.68, 59, LAN -
-       Rule 22
09/17/2000 04:56:47.544 -       TCP connection dropped -
Source:210.219.251.228, 4494, WAN -     Destination:63.140.7.85, 59, LAN -
-       Rule 22
09/17/2000 04:56:47.544 -       TCP connection dropped -
Source:210.219.251.228, 4479, WAN -     Destination:63.140.7.70, 59, LAN -
-       Rule 22
09/17/2000 04:56:47.544 -       TCP connection dropped -
Source:210.219.251.228, 4481, WAN -     Destination:63.140.7.72, 59, LAN -
-       Rule 22
09/17/2000 04:56:47.544 -       TCP connection dropped -
Source:210.219.251.228, 4507, WAN -     Destination:63.140.7.98, 59, LAN -
-       Rule 22
09/17/2000 04:56:47.560 -       TCP connection dropped -
Source:210.219.251.228, 4498, WAN -     Destination:63.140.7.89, 59, LAN -
-       Rule 22
09/17/2000 04:56:47.560 -       TCP connection dropped -
Source:210.219.251.228, 4499, WAN -     Destination:63.140.7.90, 59, LAN -
-       Rule 22
09/17/2000 04:56:47.560 -       TCP connection dropped -
Source:210.219.251.228, 4536, WAN -     Destination:63.140.7.127, 59, LAN -
-       Rule 22
09/17/2000 04:56:47.560 -       TCP connection dropped -
Source:210.219.251.228, 4500, WAN -     Destination:63.140.7.91, 59, LAN -
-       Rule 22
09/17/2000 04:56:47.576 -       TCP connection dropped -
Source:210.219.251.228, 4506, WAN -     Destination:63.140.7.97, 59, LAN -
-       Rule 22
09/17/2000 04:56:47.576 -       TCP connection dropped -
Source:210.219.251.228, 4508, WAN -     Destination:63.140.7.99, 59, LAN -
-       Rule 22
09/17/2000 04:56:47.576 -       TCP connection dropped -
Source:210.219.251.228, 4511, WAN -     Destination:63.140.7.102, 59, LAN -
-       Rule 22
09/17/2000 04:56:47.576 -       TCP connection dropped -
Source:210.219.251.228, 4515, WAN -     Destination:63.140.7.106, 59, LAN -
-       Rule 22
09/17/2000 04:56:47.592 -       TCP connection dropped -
Source:210.219.251.228, 4523, WAN -     Destination:63.140.7.114, 59, LAN -
-       Rule 22
09/17/2000 04:56:47.592 -       TCP connection dropped -
Source:210.219.251.228, 4525, WAN -     Destination:63.140.7.116, 59, LAN -
-       Rule 22
09/17/2000 04:56:47.592 -       TCP connection dropped -
Source:210.219.251.228, 4528, WAN -     Destination:63.140.7.119, 59, LAN -
-       Rule 22
09/17/2000 04:56:47.592 -       TCP connection dropped -
Source:210.219.251.228, 4533, WAN -     Destination:63.140.7.124, 59, LAN -
-       Rule 22
09/17/2000 04:56:47.592 -       TCP connection dropped -
Source:210.219.251.228, 4538, WAN -     Destination:63.140.7.129, 59, LAN -
-       Rule 22
09/17/2000 04:56:47.592 -       TCP connection dropped -
Source:210.219.251.228, 4541, WAN -     Destination:63.140.7.132, 59, LAN -
-       Rule 22
09/17/2000 04:56:47.592 -       TCP connection dropped -
Source:210.219.251.228, 4540, WAN -     Destination:63.140.7.131, 59, LAN -
-       Rule 22
09/17/2000 04:56:47.592 -       TCP connection dropped -
Source:210.219.251.228, 4542, WAN -     Destination:63.140.7.133, 59, LAN -
-       Rule 22
09/17/2000 04:58:35.544 -       TCP connection dropped -
Source:210.219.251.228, 3076, WAN -     Destination:63.140.7.24, 53, LAN -
'Name Service (DNS)' -  Rule 22
09/17/2000 04:58:35.544 -       TCP connection dropped -
Source:210.219.251.228, 3077, WAN -     Destination:63.140.7.25, 53, LAN -
'Name Service (DNS)' -  Rule 22
09/17/2000 04:58:35.560 -       TCP connection dropped -
Source:210.219.251.228, 3065, WAN -     Destination:63.140.7.13, 53, LAN -
'Name Service (DNS)' -  Rule 22
09/17/2000 04:58:35.560 -       TCP connection dropped -
Source:210.219.251.228, 3071, WAN -     Destination:63.140.7.19, 53, LAN -
'Name Service (DNS)' -  Rule 22
09/17/2000 04:58:35.560 -       TCP connection dropped -
Source:210.219.251.228, 3073, WAN -     Destination:63.140.7.21, 53, LAN -
'Name Service (DNS)' -  Rule 22
09/17/2000 04:58:35.560 -       TCP connection dropped -
Source:210.219.251.228, 3067, WAN -     Destination:63.140.7.15, 53, LAN -
'Name Service (DNS)' -  Rule 22
09/17/2000 04:58:35.560 -       TCP connection dropped -
Source:210.219.251.228, 3068, WAN -     Destination:63.140.7.16, 53, LAN -
'Name Service (DNS)' -  Rule 22
09/17/2000 04:58:35.560 -       TCP connection dropped -
Source:210.219.251.228, 3176, WAN -     Destination:63.140.7.124, 53, LAN -
'Name Service (DNS)' -  Rule 22
09/17/2000 04:58:35.560 -       TCP connection dropped -
Source:210.219.251.228, 3070, WAN -     Destination:63.140.7.18, 53, LAN -
'Name Service (DNS)' -  Rule 22
09/17/2000 04:58:35.560 -       TCP connection dropped -
Source:210.219.251.228, 3181, WAN -     Destination:63.140.7.129, 53, LAN -
'Name Service (DNS)' -  Rule 22
09/17/2000 04:58:35.560 -       TCP connection dropped -
Source:210.219.251.228, 3069, WAN -     Destination:63.140.7.17, 53, LAN -
'Name Service (DNS)' -  Rule 22
09/17/2000 04:58:35.560 -       TCP connection dropped -
Source:210.219.251.228, 3072, WAN -     Destination:63.140.7.20, 53, LAN -
'Name Service (DNS)' -  Rule 22

Current thread:

What the hell is with Korea?! LOS Ralph (Sep 20)
- Re: What the hell is with Korea?! J. Stutzman (Sep 21)
- <Possible follow-ups>
- Re: What the hell is with Korea?! Robert G. Ferrell (Sep 22)
- Re: What the hell is with Korea?! Cho, Douglas (Sep 22)