Exodus / Clue problems
TTSG
ttsg at ttsg.com
Mon Nov 16 04:12:49 UTC 1998
>
>
> The owner did not allow any further action to the box except to have it
> removed from the network. So until the owner sends someone in to clean up
> we won't know anything more.
>
8-( Did Exodus at least try to do some sniffing of traffic or
captures at the router or SOMETHING? Or will we never know anything more
about this?
Tuc/TTSG
> James
>
> At 10:54 PM 11/15/98 -0500, TTSG wrote:
> >>
> >>
> >> I have received a call from Exodus. The machine (209.67.50.254) has been
> >> removed from the network by request of the owner of the box.
> >>
> > Great!, but..............
> >
> > a) Did they end up obtaining access to another site and will begin
> > there?
> >
> > b) WAS the origination actually the box as people have claimed, or
> > was it spoofed?
> >
> > c) There was a report that it had stopped earlier (As seen below
> > from Roeland), is anyone still seeing it?
> >
> > d) Was the box just YANKED, or did someone actually try to find
> > out if there was someone/something on it and where its
> > origin is?
> >
> > Tuc/TTSG
> >> James
> >>
> >> At 07:22 PM 11/15/98 -0800, Roeland M.J. Meyer wrote:
> >> >Somebody musta got them, 'cause they're gone now.
> >> >
> >> >At 06:25 PM 11/15/98 -0600, William S. Duncanson wrote:
> >> >>Seeing it here, too.
> >> >>
> >> >>At 18:52 11/15/98 -0500, Daniel Senie wrote:
> >> >>>sigma at pair.com wrote:
> >> >>>>
> >> >>>> Let me guess - the IP is 209.67.50.254, and they're trying to login to
> >> >>>> nameservers as "root", sometimes a dozen times per second?
> >> >>>
> >> >>>I'm seeing that IP address trying to telnet into my name servers (don't
> >> >>>know if it's as root, since my filters are blocking them). I also see
> >> >>>them trying to access IMAP on my servers.
> >> >>>
> >> >>>Dan
> >> >>>
> >> >>>--
> >> >>>-----------------------------------------------------------------
> >> >>>Daniel Senie dts at senie.com
> >> >>>Amaranth Networks Inc. http://www.amaranthnetworks.com
> >> >>
> >> >>
> >> >>William S. Duncanson caesar at starkreality.com
> >> >>The driving force behind the NC is the belief that the companies who brought us
> >> >>things like Unix, relational databases, and Windows can make an appliance that
> >> >>is inexpensive and easy to use if they choose to do that. -- Scott Adams
> >> >>
> >> >
> >> >___________________________________________________
> >> >Roeland M.J. Meyer, ISOC (InterNIC RM993)
> >> >e-mail: rmeyer at mhsc.com
> >> >Internet phone: hawk.mhsc.com
> >> >Personal web pages: http://www.mhsc.com/~rmeyer
> >> >Company web-site: http://www.mhsc.com/
> >> >___________________________________________
> >> > Who is John Galt?
> >> > "Atlas Shrugged" - Ayn Rand
> >> >
> >> >
> >>
> >> James McKenzie
> >> mcs at 1ipnet.net
> >> http://www.1ipnet.net
> >>
> >
> >
>
> James McKenzie
> mcs at 1ipnet.net
> http://www.1ipnet.net
>