Information from an FTP violation this weekend.

Jade E. Deane jade.deane at HelloNetwork.com
Mon Apr 23 20:47:39 UTC 2001


Hello, my toaster is connected at 192.168.5.44 and it was hax0red.  My
social security number is 275-53-4678, and my favorite color is blue.

How pointless is this mail-list?

/paxil



> On Mon, 23 Apr 2001, Smith, Rick wrote:
>
> >
> >
> > Nanog; fyi.
> >
> > APNIC / Excite / Home.net -
> >
> > We have an ftp site running on 209.123.52.40 that is made writable at
> > certain periods of time for anonymous users.  Some of our customers' systems
> > are programmed to send in bug reports, problem programs, etc at these times.
> > One of these periods of time was this past Friday (4/20/01) from 6pm EST to
> > Saturday afternoon at Noon.  In that time period, a couple of hundred megs
> > of movies / warez / crap was dropped onto the ftp site, and then the people
> > that were (I presume) loading up the site got cut off.
> >
> > Not only did the violator from 203.164.51.0/24 store illegal information on
> > our ftp site, they also deleted everything that existed.  Not anyone's fault
> > there but our own, and no problem since there were backups, but just fyi
> > that this stuff is happening out there from the reported networks.
> >
> > Here's some information I collected from a .htaccess file in one of the
> > directories that these <insert expletive here> left.
> >
> > <Limit GET>
> > order allow,deny
> > deny from 141.201.222.
> > deny from 24.141.20.
> > deny from 24.141.36.
> > deny from 65.1.50.
> > .
> > .  Bunch of Denies
> > .
> > allow from  203.164.51.
> > deny from 203.164.3.
> > deny from 62.30.0.
> > .
> > .  Bunch of Denies
> > .
> > allow from all
> > </Limit>
> >
> >
> >
> > I run Portsentry on my FreeBSD firewall, which caught and denied this:
> > 987814775 - 04/20/2001 20:59:35 Host: www.uov.net/209.37.153.6 Port: 515 TCP Blocked
> >
> >
> > The swip info for the one allow statement in that htaccess file:
> >
> > [root]# whois -h whois.arin.net 203.164.51.0
> >
> > Asia Pacific Network Information Center (APNIC2)
> >    These addresses have been further assigned to Asia-Pacific users.
> >    Contact info can be found in the APNIC database,
> >    at WHOIS.APNIC.NET or http://www.apnic.net/
> >    Please do not send spam complaints to APNIC.
> >    AU
> >
> >    Netname: APNIC-CIDR-BLK
> >    Netblock: 202.0.0.0 - 203.255.255.255
> >    Maintainer: AP
> >
> >
> > Gee - go figure - a cable modem ween
> >
> > [root]# whois -h whois.apnic.net 203.164.51.0
> >
> > % Rights restricted by copyright. See
> > http://www.apnic.net/db/dbcopyright.html
> >
> > inetnum:     203.164.48.0 - 203.164.51.255
> > netname:     ATHOME-AU-RIVRW-1
> > descr:       Infrastructure
> > country:     AU
> > admin-c:     HH85-AP
> > tech-c:      AI13-AP
> > mnt-by:      MAINT-AU-ATHOME
> > changed:     ipmgmt at excitehome.net 20000911
> > source:      APNIC
> >
> > person:      Hostmaster Home Network Australia
> > address:     100 Harris Street
> > address:     Pyrmont
> > address:     NSW 2009
> > phone:       +61 2 9005 1000
> > fax-no:      +61 2 9005 1076
> > country:     AU
> > e-mail:      hostmaster at homenetwork.com.au
> > nic-hdl:     HH85-AP
> > mnt-by:      MAINT-AU-ATHOME
> > changed:     judithh at corp.home.net 20000830
> > source:      APNIC
> >
> > person:      ATHome-AU IP Mgmt
> > address:     450 Broadway Street
> > address:     Redwood City, CA 94063
> > address:     US
> > phone:       +1-800-872-3595
> > country:     AU
> > e-mail:      ipmgmt at excitehome.neet
> > nic-hdl:     AI13-AP
> > mnt-by:      MAINT-AU-ATHOME
> > changed:     judithh at corp.home.net 20000830
> > source:      APNIC
> >
> >
> >
> > Thanks,
> > Rick Smith
> > Director of Technical Services
> > Applied Tactical Systems
> > (A division of Vertex Interactive, Inc.)
> > <http://www.atsworld.com> --- <http://www.vertexinteractive.com>
> > (973) 808 - 1750 x382
> >
> >
> >
>
> --
> Stephen J. Wilcox
> IP Services Manager, Opal Telecom
> http://www.opaltelecom.co.uk/
> Tel: 0161 222 2000
> Fax: 0161 222 2008
>
>




