Re: [Full-disclosure] Brain dead SSH scans from Italy
From: Vania Martino Toma (b4yt1c0l_at_alice.it)
Date: 10/28/05
- Previous message: Valdis.Kletnieks_at_vt.edu: "Re: [Full-disclosure] Brain dead SSH scans from Italy"
- In reply to: Etaoin Shrdlu: "[Full-disclosure] Brain dead SSH scans from Italy"
Date: Fri, 28 Oct 2005 23:42:19 +0200
To: Etaoin Shrdlu <shrdlu@deaddrop.org>
Etaoin Shrdlu wrote:
>Well, I'm stumped. I mean, really stumped.
>
>I've had a host scanning my network for the past three days, and it
>initially looked like one of the automated scans we've all become so
>familiar with (unfortunately). Naturally, the automatic defense was
>engaged, and I thought that would be the end of it. Nope.
>
>It continues to send SYN packets, and although it's dropped off in attacks
>to the other machines, it still pounds at the doors of two of them. Those
>two machines have a couple of things in common: they are both running BIND
>9, and are both OpenBSD {mumble}.
>
>I've sent email off to the RIPE contacts for the IP (195.250.227.226), and
>to the WHOIS contacts for the domain (ocem.com), and to abuse@ocem.com as
>well. Nothing. If I take off the null routing on either of those machines,
>it immediately starts hammering at them, with no signs of cessation. I have
>considered just letting it finish, but I'm more concerned that there's a
>new variant on this moronic scan that doesn't know when to quit. I suspect
>that the continuation is because they are DNS servers, since I took the
>blocking off of one of the other machines also running OpenBSD, and the
>scanning did not resume (although I had expected it to).
>
>I'm at a loss. If anyone knows Italian (I don't), and can contact one of:
>
>fabiom@uni.net
>ennio.scheda@ocem.com
>lucamarino@cassiopea.it
>
>or anyone at ocem.com, please, let them know that the machine is
>compromised, and that they need to take it off line, and clean it up.
>
>TIA and all that.
>
>--
>There are two ways, my friend, that you can be rich in life.
>One is to make a lot of money and the other is to have few needs.
>
>William Sloane Coffin, "Letters to a Young Doubter"
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
I'm Italian; if you want, send me the text of the email for:
fabiom@uni.net
ennio.scheda@ocem.com
lucamarino@cassiopea.it
and I will take care of the translation myself.
Regards
Vania