nanog mailing list archives
Re: IMAP attacks continue
From: alex () relcom EU net
Date: Mon, 23 Nov 1998 00:36:37 +0300
Anyway, I recommend you to WARN the owners of this servers _you server NO DOUBT T IS BROKEN and abused by the hacker_. I see al (ALL) domains the scanning was originated from are in the list of the domains where sniffers is known was installed and passworeds collected by the hackers. Unfortunately, this is (mainly) big educational networks where sysadmins are clueless about security and abusing. I have got answers on my WARN messages at (approx) 50% cases, mainly from small commecrial companies, sometimes from ISP, and rarely from the universities. I can provide you a few examples of such networks. In message <36585D27.6C019DA5 () senie com> Daniel Senie writes:
The frequency of IMAP attacks is increasing, and the number of IP addresses scanned per attack seems to be increasing as well. In the last 24 hours, I've been scanned by:
fermi.math.csi.cuny.edu c149.lib.uci.edu sockeye.cob.calpoly.edu quebec.upa.qc.ca
Anyone upstream of any of these able to add a Sniffer? It'd be interesting to see if someone is connected in via telnet or ssh and launching the attacks remotely. With all of these types of attack in the last several days, the systems doing the attacking have all been ones that were compromised.
-- ----------------------------------------------------------------- Daniel Senie dts () senie com Amaranth Networks Inc. http://www.amaranthnetworks.com
-- Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
Current thread:
- IMAP attacks continue Daniel Senie (Nov 22)
- Re: IMAP attacks continue alex (Nov 22)
- Re: IMAP attacks continue Phil Howard (Nov 23)
- Re: IMAP attacks continue Phil Howard (Nov 23)
- Re: IMAP attacks continue Alex P. Rudnev (Nov 24)
- Re: IMAP attacks continue Kevin Houle (Nov 23)
- Re: IMAP attacks continue Alex P. Rudnev (Nov 24)
- Re: IMAP attacks continue Phil Howard (Nov 23)