North American Network Operators Group

RE: Information from an FTP violation this weekend.
Hello, my toaster is connected at 192.168.5.44 and it was hax0red. My social security number is 275-53-4678, and my favorite color is blue. How pointless is this mail-list?

/paxil

> On Mon, 23 Apr 2001, Smith, Rick wrote:
>
> >
> > Nanog; fyi.
> >
> > APNIC / Excite / Home.net -
> >
> > We have an ftp site running on 209.123.52.40 that is made writable at
> > certain periods of time for anonymous users. Some of our customer's systems
> > are programmed to send in bug reports, problem programs, etc at these times.
> > One of these periods of time was this past Friday (4/20/01) from 6pm EST to
> > Saturday afternoon at Noon. In that time period, a couple of hundred megs
> > of movies / warez / crap was dropped onto the ftp site, and then the people
> > that were (I presume) loading up the site got cut off.
> >
> > Not only did the violator from 203.164.51.0/24 store illegal information on
> > our ftp site, they also deleted everything that existed. Not anyone's fault
> > there but our own, and no problem since there were backups, but just fyi
> > that this stuff is happening out there from the reported networks.
> >
> > Here's some information I collected from a .htaccess file in one of the
> > directories that these <insert expletive here> left.
> >
> > <Limit GET>
> > order allow,deny
> > deny from 141.201.222.
> > deny from 24.141.20.
> > deny from 24.141.36.
> > deny from 65.1.50.
> > .
> > . Bunch of Denies
> > .
> > allow from 203.164.51.
> > deny from 203.164.3.
> > deny from 62.30.0.
> > .
> > . Bunch of Denies
> > .
> > allow from all
> > </Limit>
> >
> >
> >
> > I run Portsentry on my FreeBSD firewall, which caught and denied this:
> > 987814775 - 04/20/2001 20:59:35 Host: www.uov.net/209.37.153.6 Port: 515 TCP
> > Blocked
> >
> >
> > The swip info for the one allow statement in that htaccess file:
> >
> > [root]# whois -h whois.arin.net 203.164.51.0
> >
> > Asia Pacific Network Information Center (APNIC2)
> > These addresses have been further assigned to Asia-Pacific users.
> > Contact info can be found in the APNIC database,
> > at WHOIS.APNIC.NET or http://www.apnic.net/
> > Please do not send spam complaints to APNIC.
> > AU
> >
> > Netname: APNIC-CIDR-BLK
> > Netblock: 202.0.0.0 - 203.255.255.255
> > Maintainer: AP
> >
> >
> > Gee - go figure - a cable modem ween
> >
> > [root]# whois -h whois.apnic.net 203.164.51.0
> >
> > % Rights restricted by copyright. See
> > http://www.apnic.net/db/dbcopyright.html
> >
> > inetnum: 203.164.48.0 - 203.164.51.255
> > netname: ATHOME-AU-RIVRW-1
> > descr: Infrastructure
> > country: AU
> > admin-c: HH85-AP
> > tech-c: AI13-AP
> > mnt-by: MAINT-AU-ATHOME
> > changed: [email protected] 20000911
> > source: APNIC
> >
> > person: Hostmaster Home Network Australia
> > address: 100 Harris Street
> > address: Pyrmont
> > address: NSW 2009
> > phone: +61 2 9005 1000
> > fax-no: +61 2 9005 1076
> > country: AU
> > e-mail: [email protected]
> > nic-hdl: HH85-AP
> > mnt-by: MAINT-AU-ATHOME
> > changed: [email protected] 20000830
> > source: APNIC
> >
> > person: ATHome-AU IP Mgmt
> > address: 450 Broadway Street
> > address: Redwood City, CA 94063
> > address: US
> > phone: +1-800-872-3595
> > country: AU
> > e-mail: [email protected]
> > nic-hdl: AI13-AP
> > mnt-by: MAINT-AU-ATHOME
> > changed: [email protected] 20000830
> > source: APNIC
> >
> >
> >
> > Thanks,
> > Rick Smith
> > Director of Technical Services
> > Applied Tactical Systems
> > (A division of Vertex Interactive, Inc.)
> > <http://www.atsworld.com> --- <http://www.vertexinteractive.com>
> > (973) 808 - 1750 x382
> >
>
> --
> Stephen J. Wilcox
> IP Services Manager, Opal Telecom
> http://www.opaltelecom.co.uk/
> Tel: 0161 222 2000
> Fax: 0161 222 2008
>
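
For anyone triaging a dropped `.htaccess` like the one quoted in this thread, here is how Apache's `order allow,deny` rules resolve for a given client address. This is an added example, not part of any poster's message. The function names and the address 198.51.100.10 are constructed for illustration, and only the directives visible in the quote are used.

```python
import ipaddress

# Directives as quoted in the message; the elided "Bunch of Denies" lines are not on the page.
HTACCESS = """\
<Limit GET>
order allow,deny
deny from 141.201.222.
deny from 24.141.20.
deny from 24.141.36.
deny from 65.1.50.
allow from 203.164.51.
deny from 203.164.3.
deny from 62.30.0.
allow from all
</Limit>
"""

def parse_rules(text):
    """Collect the Order value and the allow/deny specs (line position is irrelevant)."""
    order, allows, denies = "deny,allow", [], []  # deny,allow is Apache's default Order
    for raw in text.splitlines():
        parts = raw.strip().lower().split()
        if len(parts) >= 2 and parts[0] == "order":
            order = "".join(parts[1:])
        elif len(parts) >= 3 and parts[0] in ("allow", "deny") and parts[1] == "from":
            (allows if parts[0] == "allow" else denies).extend(parts[2:])
    return order, allows, denies

def matches(spec, ip):
    """Match 'all', a partial dotted prefix, a CIDR block or a full address (no hostnames)."""
    if spec == "all":
        return True
    if "/" in spec:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    if spec.endswith("."):
        return ip.startswith(spec)  # trailing dot keeps 24.141.20. from matching 24.141.200.x
    return ip == spec

def get_allowed(text, ip):
    """True if a GET from ip would be admitted by the rules in text."""
    order, allows, denies = parse_rules(text)
    allowed = any(matches(s, ip) for s in allows)
    denied = any(matches(s, ip) for s in denies)
    if order == "allow,deny":        # deny overrides allow; no match at all means deny
        return allowed and not denied
    return allowed or not denied     # deny,allow: allow overrides deny; default is allow

if __name__ == "__main__":
    for ip in ("203.164.51.7", "24.141.20.9", "198.51.100.10"):
        print(ip, get_allowed(HTACCESS, ip))
```

With the trailing `allow from all` present, every address outside the deny lines is admitted, so the deny list is what carries information about who was being kept out.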