Security Incidents mailing list archives

Paypal.com hosting IRC server, possible hack?


From: mistymountainhop () hushmail com
Date: Thu, 23 Jan 2003 21:23:54 -0800


A system on the Paypal.com domain is hosting an IRC server. Historically, IRC servers have had security issues, and 
they continue to be high-profile targets. I am not sure if these servers are being intentionally run by a Paypal.com 
administrator, or if they have been set up by crackers to use Paypal.com’s bandwidth.

The IRC server was recently introduced to an IRC network, EnterTheGame (http://www.enterthegame.com), as 
ca.enterthegame.com:

[user@box ~]$ nslookup ca.enterthegame.com
Name: irc.enterthegame.com
Addresses: 209.131.67.21, 216.136.154.43, 209.131.67.20
Aliases: ca.enterthegame.com

[user@box ~]$ nslookup 216.136.154.43
Name: node-216-136-154-43.networks.paypal.com
Address: 216.136.154.43
Aliases: 43.154.136.216.in-addr.arpa

[user@box ~]$ nc node-216-136-154-43.networks.paypal.com 6667
:Ca.EnterTheGame.Com NOTICE AUTH :*** Looking up your hostname...
:Ca.EnterTheGame.Com NOTICE AUTH :*** Checking Ident
:Ca.EnterTheGame.Com NOTICE AUTH :*** Found your hostname
:Ca.EnterTheGame.Com NOTICE AUTH :*** No Ident response

I’m not sure if this server is being intentionally hosted, or if it’s the work of crackers who have obtained access to 
a Paypal.com system. If the server is being intentionally hosted, the Paypal administrators are knowingly subjecting 
their customers and investors to additional security risks. Moreover, being part of an IRC network may subject 
Paypal.com to the actions of the IRC users, which may include allowing or promoting the distribution of illegal 
software. If Paypal is not intentionally hosting the server, it is safe to assume that they have been cracked and 
customer data (names, credit cards, and more), as well as Paypal and Ebay’s internal network, is at risk of compromise.

Contact information for EnterTheGame, which was obtained from http://www.enterthegame.com, are the email addresses info 
() enterthegame com, press () enterthegame com, and support () enterthegame com. Inquiring emails to Paypal.com were 
not answered after 48 hours.
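
An added example, not part of the original post: a defender-side check that reads banner-grab results from an organisation's own address space and flags hosts that answer with an IRC server greeting like the one quoted above, noting when the announced server name lies outside the host's PTR domain. The record layout, the approved list, and all addresses and names are constructed assumptions.

```python
import re

# Pre-registration greeting from an IRC server: ":<server> NOTICE AUTH :..." (or
# "NOTICE *"), or a numeric reply such as ":<server> 001 nick :Welcome".
IRC_GREETING = re.compile(r"^:(\S+) (?:NOTICE (?:AUTH|\*)|\d{3} \S+) ")

def irc_server_name(banner):
    """Return the server name announced in an IRC greeting, or None if not IRC."""
    for line in banner.splitlines():
        m = IRC_GREETING.match(line.strip())
        if m:
            return m.group(1).lower()
    return None

def parent_domain(hostname):
    """Last two DNS labels; a simplification that ignores multi-label public suffixes."""
    return ".".join(hostname.rstrip(".").lower().split(".")[-2:])

def audit(records, approved=frozenset()):
    """Flag hosts answering as IRC servers that are not on the approved list."""
    findings = []
    for rec in records:
        server = irc_server_name(rec["banner"])
        if server is None or (rec["ip"], rec["port"]) in approved:
            continue
        findings.append({
            "ip": rec["ip"], "port": rec["port"], "irc_server": server,
            # A server name outside the PTR's domain suggests a link to an outside network.
            "foreign_name": parent_domain(server) != parent_domain(rec["ptr"]),
        })
    return findings

# Constructed banner-grab results (documentation addresses and .example names).
SAMPLE = [
    {"ip": "192.0.2.43", "port": 6667, "ptr": "node-192-0-2-43.corp.example",
     "banner": ":Irc.GameNet.Example NOTICE AUTH :*** Looking up your hostname...\n"
               ":Irc.GameNet.Example NOTICE AUTH :*** Checking Ident\n"},
    {"ip": "192.0.2.10", "port": 6667, "ptr": "chat.corp.example",
     "banner": ":chat.corp.example NOTICE * :*** Looking up your hostname...\n"},
    {"ip": "192.0.2.25", "port": 25, "ptr": "mail.corp.example",
     "banner": "220 mail.corp.example ESMTP ready\n"},
    {"ip": "192.0.2.22", "port": 22, "ptr": "bastion.corp.example",
     "banner": "SSH-2.0-OpenSSH_9.6\n"},
]

if __name__ == "__main__":
    for f in audit(SAMPLE, approved={("192.0.2.10", 6667)}):
        print(f)
```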



