SGI.com hosts HACKED and being abused by scriptkiddies on IRC.

From: Zehra Erseymen (zehra_erseymen@hotmail.com)
Date: 01/15/03

    From: "Zehra Erseymen" <zehra_erseymen@hotmail.com>
    To: incidents@securityfocus.com
    Date: Wed, 15 Jan 2003 00:36:35 +0000
    
    

    SGI.COM hosts are being abused by ircwar kiddies/scriptkids on the IRCNET
    network (ircnet.demon.co.uk, irc.stealth.net, irc1.us.ircnet.net and other
    servers).
    These kiddies are taking IRC channels, compromising further servers and
    launching DDoS attacks, and appear also to have compromised the SGI email
    services, since abuse reports were met with silence. Today they launched a
    spoofed DDoS attack from IPs with

    A /whois report follows:
    ┌─────---─--──-──────---─--──-─────────--- -- -
    | Geert (~geert@sgigate.SGI.COM) (Internic Commercial)
    │ ircname : The.Judge
    | channels : @#tropical #DaJudge @#bnc @#Bitches @#irclords
    │ server : irc-2.stealth.net (Stealth Communications, New York City)
    : idle : 8 hours 32 mins 58 secs (signon: Thu Jan 1 01:00:00 1970)
    ┌─────---─--──-──────---─--──-─────────--- -- -
    | DaJudge (~Judge@yog-sothoth.sgi.com) (Internic Commercial)
    │ ircname : The.Judge
    | channels : #singletown #DaJudge @#tropical @#bnc @#Bitches @#irclords
    │ server : irc-2.stealth.net (Stealth Communications, New York City)
    : idle : 7 hours 53 mins 12 secs (signon: Thu Jan 1 01:00:00 1970)

    Feel free to connect to ircnet and verify this for yourself.
    #irclords is a known kiddie channel, frequented by kiddies who think they
    are the "lords" of IRC. Also, #bnc is a channel used for the trading of
    "psybnc" accounts on compromised servers.


    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com