heads up ... another imapd attack source
cnielsen at nielsen.net
Mon Dec 14 23:53:30 UTC 1998
On Mon, 14 Dec 1998, Phil Howard wrote:
> Just a few minutes ago, another attempted IMAPD breakin.
> This one originated from rock.careers.csulb.edu [18.104.22.168].
> It was logged at Dec 14 16:59:56 CST.
Yea... They are going on all over the net. The problem is that many people are
on the net putting up boxes that have the 'standard' OS install and not
patching the system or following bugtraq etc. They get into one and than
another and another.
There really needs to be a clearing house for companies to get together and
help track down these so called great hackers (script kiddies).
We had a breakin from gtecablemodem.com around midnight and couldn't get a
hold of anyone. We don't peer with them so our contact info was limited. I
even check out the noc page info sites and they (as well at GTE) were not
But, to this day, they still have an open relay on their cable modem network
that allows script kiddies from around the world to use them(1).
We are starting to put together information for nocs and now we need
numbers for network security in each company... Maybe NANSG (North American
Network Security Group). Than when we attend mettings, we can sign each others
PGP key so we know who we are dealing with.
(1) if anyone from GTE Cable would like to contact me, I would be glad to give
them the site they are using as a relay.
More information about the NANOG