Exodus: this is bad

Richard Irving rirving at onecall.net
Tue Nov 17 01:34:23 UTC 1998


It looks worse Jared,

  This appears to be a concerted effort. This type of attack
is propogating to new origin IP's by the hour. There seems to
be a pattern forming....

  DNS server is compromised.  (Bind ? Autohack ?)
  local programs set up to crack local passwords.
  (Dumps results to FTP directory)
  local program set up to port probe/asttack other DNS's.
  (Dumps results to FTP directory)

  Someone said Linux servers appear to be primary targets..
  I suggest maybe Linux servers were more likely to have a vulnerable
  configuration... Probers running locally,( that I saw), did not *seem*
  to discriminate. (Conjecture Based on output of parasitic programs)
  
  I hate to profer alt.net.conspiracy...... But...

  the above data was collected both by myself, as well as another
  NANOG member who may want to remain anonymous... 
  (He didn't post it to the group)

  CERT does have an alert posted, but I am not sure 
  they know how pervasive this is.....


  
  

Jared Mauch wrote:
> 
> On Mon, Nov 16, 1998 at 06:51:53PM -0500, Adam Rothschild wrote:
> > Am I forgetting anything?
> 
>         Yeah.
> 
>         Calling the providers where the attack is originating from.
> 
>         Calling your local law enforcement agencies and alerting
> them to the problem at hand
> 
>         Calling your local fbi agent and telling them what is going on.
> 
>         Calling CERT and opening up a case
> 
>         I'm sure if you get CERT+FBI+Local law agencies calling *ANY*
> noc, someone is going to notice.
> 
>         And for fun, call CNN, or some other news agency, and say
> "xxx hasn't dealt with this after many phone calls, etc..".
> 
>         If none of those paths provides you with the desired response,
> unplug your ethernet cable.
> 
>         - jared
> 
> --
> Jared Mauch  | pgp key available via finger from jared at puck.nether.net
>              | http://puck.nether.net/~jared/



More information about the NANOG mailing list