nanog mailing list archives
Sagonet - Failing miserably with network security Someone needs to handle this.
From: "Chris Jester" <chris_jester () suavemente net>
Date: Sun, 29 Oct 2006 11:28:47 -0800 (PST)
65.110.62.120 Sagonet, We have a serious hacker here who is ACTIVLY engaged in logins on our network (have him in a honeypot at the moment). He is running exploits from your network and also I have been hearing from others that you have been notified of this a few times yet have done nothing about it. Can we get someone to handle this immediately please? This hacker has rooted at least 35 servers on a friends network (friendly competitor) and now hes scanning ours... This is what was said by my friend after contacting you guys about this: "Good... They will not listen... I have provided them logs, screen shots, etc..." Additionally, I would LOVE to know what is on that server... this guy is not to be taken lightly, he is VERY methodical and patient. He's problably owning your network too. [root@mail /home]# netstat -an Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN tcp 0 0 :::38300 :::* LISTEN tcp 0 0 ::ffff:66.11.112.15:38300 ::ffff:65.110.62.120:59979 ESTABLISHED ESTABLISHED
Current thread:
- Sagonet - Failing miserably with network security Someone needs to handle this. Chris Jester (Oct 29)
- Re: Sagonet - Failing miserably with network security Someone needs to handle this. Randy Bush (Oct 29)
- Message not available
- Re: Sagonet - Failing miserably with network security Someone needs to handle this. Chris Jester (Oct 29)
- Re: Sagonet - Failing miserably with network security Someone needs to handle this. Stephen Satchell (Oct 29)
- <Possible follow-ups>
- RE: Sagonet - Failing miserably with network security Someone needs to handle this. Lasher, Donn (Oct 30)
- Re: Sagonet - Failing miserably with network security Someone needs to handle this. Jordan Medlen (Oct 30)