Security Incidents mailing list archives

Rooted Boxes

From: "Christian W. Zuckschwerdt" <zany () TRIQ NET>
Date: Mon, 15 Jan 2001 21:06:19 +0100

Some machine in a subnet behind our IDS has been rooted and abused for
IRC-Clones etc.

The logs show interactive(!) telnet access to that box from these IP#'s

202.188.25.163  TMnet Telekom Malaysia
202.188.192.38  -"-
202.151.196.75  Maxis Communications Berhad ISP
203.121.68.161  TIME Telecommunications Sdn Bhd Kuala Lumpur
209.57.44.142   Verio, Inc.
210.225.29.163  Nippon Jimuki Union (Japan)
210.163.139.31  Speed Internet Inc. (Japan)

Are those dial-in boxes? If not is there any chance to contact the
owners?

  cu.
    :
    Christian

Current thread:

Rooted Boxes Christian W. Zuckschwerdt (Jan 15)
- <Possible follow-ups>
- Re: Rooted Boxes Christian W. Zuckschwerdt (Jan 16)
  - Re: Rooted Boxes gabriel rosenkoetter (Jan 16)
  - Re: Rooted Boxes dor (Jan 17)