North American Network Operators Group

Re: Exodus: this is bad
Just got to this list. Has anyone called the FBI yet? It looks like a full-scale raid.

At 08:34 PM 11/16/98 -0500, Richard Irving wrote:
>It looks worse Jared,
>
> This appears to be a concerted effort. This type of attack
>is propagating to new origin IPs by the hour. There seems to
>be a pattern forming....
>
> DNS server is compromised. (Bind ? Autohack ?)
> local programs set up to crack local passwords.
> (Dumps results to FTP directory)
> local program set up to port probe/attack other DNS's.
> (Dumps results to FTP directory)
>
> Someone said Linux servers appear to be primary targets..
> I suggest maybe Linux servers were more likely to have a vulnerable
> configuration... Probers running locally,( that I saw), did not *seem*
> to discriminate. (Conjecture Based on output of parasitic programs)
>
> I hate to proffer alt.net.conspiracy...... But...
>
> the above data was collected both by myself, as well as another
> NANOG member who may want to remain anonymous...
> (He didn't post it to the group)
>
> CERT does have an alert posted, but I am not sure
> they know how pervasive this is.....
>
>Jared Mauch wrote:
>>
>> On Mon, Nov 16, 1998 at 06:51:53PM -0500, Adam Rothschild wrote:
>> > Am I forgetting anything?
>>
>> Yeah.
>>
>> Calling the providers where the attack is originating from.
>>
>> Calling your local law enforcement agencies and alerting
>> them to the problem at hand
>>
>> Calling your local FBI agent and telling them what is going on.
>>
>> Calling CERT and opening up a case
>>
>> I'm sure if you get CERT+FBI+Local law agencies calling *ANY*
>> noc, someone is going to notice.
>>
>> And for fun, call CNN, or some other news agency, and say
>> "xxx hasn't dealt with this after many phone calls, etc..".
>>
>> If none of those paths provides you with the desired response,
>> unplug your ethernet cable.
>>
>> - jared
>>
>> --
>> Jared Mauch | pgp key available via finger from [email protected]
>> | http://puck.nether.net/~jared/
>
___________________________________________________
Roeland M.J. Meyer, ISOC (InterNIC RM993)
e-mail: [email protected]
Internet phone: hawk.mhsc.com
Personal web pages: www.mhsc.com/~rmeyer
Company web-site: www.mhsc.com/
___________________________________________
Who is John Galt? "Atlas Shrugged" - Ayn Rand