Exodus / Clue problems
James McKenzie
mcs at 1ipnet.net
Mon Nov 16 04:02:58 UTC 1998
The owner did not allow any further action to the box except to have it
removed from the network . So until the owner sends someone in to clean up
we won't know anything more.
James
At 10:54 PM 11/15/98 -0500, TTSG wrote:
>>
>>
>> I have received a call from Exodus. The machine (209.67.50.254) has been
>> removed from the network by request of the owner of the box.
>>
> Great!, but..............
>
> a) Did they end up obtaining access to another site and will begin
> there?
>
> b) WAS the origination actually the box as people have claimed, or
> was it spoofed?
>
> c) There was a report that it had stopped earlier (As seen below
> from Roeland), is anyone still seeing it?
>
> d) Was the box just YANKED, or did someone actually try to find
> out if there was someone/something on it and where its
> origin is?
>
> Tuc/TTSG
>> James
>>
>> At 07:22 PM 11/15/98 -0800, Roeland M.J. Meyer wrote:
>> >Sombody musta got them, 'cause their gone now.
>> >
>> >At 06:25 PM 11/15/98 -0600, William S. Duncanson wrote:
>> >>Seeing it here, too.
>> >>
>> >>At 18:52 11/15/98 -0500, Daniel Senie wrote:
>> >>>sigma at pair.com wrote:
>> >>>>
>> >>>> Let me guess - the IP is 209.67.50.254, and they're trying to login to
>> >>>> nameservers as "root", sometimes a dozen times per second?
>> >>>
>> >>>I'm seeing that IP address trying to telnet into my name servers (don't
>> >>>know if it's as root, since my filters are blocking them). I also see
>> >>>them trying to access IMAP on my servers.
>> >>>
>> >>>Dan
>> >>>
>> >>>--
>> >>>-----------------------------------------------------------------
>> >>>Daniel Senie dts at senie.com
>> >>>Amaranth Networks Inc. http://www.amaranthnetworks.com
>> >>
>> >>
>> >>William S. Duncanson caesar at starkreality.com
>> >>The driving force behind the NC is the belief that the companies who
>> >brought us
>> >>things like Unix, relational databases, and Windows can make an appliance
>> >that
>> >>is inexpensive and easy to use if they choose to do that. -- Scott
Adams
>> >>
>> >
>> >___________________________________________________
>> >Roeland M.J. Meyer, ISOC (InterNIC RM993)
>> >e-mail: <mailto:rmeyer at mhsc.com>rmeyer at mhsc.com
>> >Internet phone: hawk.mhsc.com
>> >Personal web pages: <http://www.mhsc.com/~rmeyer>www.mhsc.com/~rmeyer
>> >Company web-site: <http://www.mhsc.com/>www.mhsc.com/
>> >___________________________________________
>> > Who is John Galt?
>> > "Atlas Shrugged" - Ayn Rand
>> >
>> >
>>
>> James McKenzie
>> mcs at 1ipnet.net
>> http://www.1ipnet.net
>>
>
>
James McKenzie
mcs at 1ipnet.net
http://www.1ipnet.net
More information about the NANOG
mailing list